The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 61 to 75.
Insult to Kannada shows Google AI in a poor light
http://editors.cis-india.org/internet-governance/news/deccan-herald-june-8-2021-krupa-joseph-insult-to-kannada-shows-google-ai-in-a-poor-light
<b>A Google search for ‘the ugliest language in India’ yielded ‘Kannada’ as the answer late last week, causing widespread outrage.
</b>
<p>The article by Krupa Joseph was <a class="external-link" href="https://www.deccanherald.com/metrolife/metrolife-your-bond-with-bengaluru/insult-to-kannada-shows-google-ai-in-a-poor-light-995307.html">published in Deccan Herald</a> on June 8, 2021. Pranesh Prakash and Shweta Mohandas have been quoted.</p>
<hr />
<p>Google has since apologised, saying the answer does not reflect its views, but questions still remain about why this happened at all, and who drafted the answer.</p>
<p style="text-align: justify; ">“When artificial intelligence gets it wrong, things can go really wrong, says tech entrepreneur,”Hari Prasad Nadig, who has worked on Kannada in free and open source soft ware.“Usually, you would expect Google to give an answer based on citings from multiple sources,and at least one or two credible sources.</p>
<p style="text-align: justify; ">Google’s AI should be good enough not to draw answers from opinionated sources,” he says. Google shouldn’t even try to answer prejudiced questions like this in the first place, and the answer shows how flawed it is, he told Metrolife.</p>
<p style="text-align: justify; ">“Usually, you would expect Google to give an answer based on citings from multiple sources, and at least one or two credible sources. Google’s AI should be good enough not to draw answers from opinionated sources,” he says. Google shouldn’t even try to answer prejudiced questions like this in the first place, and the answer shows how flawed it is, he told Metrolife.</p>
<h3 style="text-align: justify; ">Fallible process</h3>
<p style="text-align: justify; ">Pranesh Prakash, Centre for Internet and Society, Bengaluru, says the incident exposes the fallibility of the process by which Google selects its “featured snippets”.</p>
<p style="text-align: justify; ">“It is not an opinion that Google or its employees or its algorithms have come up with, but rather an existing opinion that Google wrongly amplified,” he says.It demonstrates that the snippets that Google features as ‘facts’ aren’t necessarily based on facts, he says.</p>
<h3 style="text-align: justify; ">Periodic checks</h3>
<p style="text-align: justify; ">Shweta Mohandas, researcher with the Center for Internet and Society, says Google does not create content, but only provides content that is available on the Internet.</p>
<p style="text-align: justify; ">“Hence, the biases come from the tags, then used to train the AI. There should be periodic checks on the data fed into the system,” she says. Such blunders can be prevented if the tags and results are audited periodically, and a mechanism is put in place to enable people to report them, she says.</p>
<h3 style="text-align: justify; ">Who was upto mischief?</h3>
<p style="text-align: justify; ">The answer was created on a financial services website whose owners aren’t revealing their names Pavanaja UB, CEO, Vishva Kannada Softech, says the answer was attributed to a website called debt consolidations questions.com — but he was unable to find this post anywhere on the site.“This is a website registered in Russia and it offers questions and answers on many topics. But this particular page could not be found. Maybe it was removed following the outrage,” he says. Pavanaja believes this was a deliberate attempt to upset people. “The website lists no information about the owner and gives no contact details. Even if such a question did exist on the page before, how did it get to the top of the Google search results?” he wonders.</p>
<p style="text-align: justify; ">He suggests that someone planted the answer and kept searching for it until it reached the top.“But who would take so much effort?” he says.</p>
<h3 style="text-align: justify; ">Furore and after</h3>
<p>‘Kannada’ came up as an answer to a query in Google about ‘the ugliest language in India’.</p>
<p style="text-align: justify; ">Aravind Limbavali, minister for Kannada and Culture, demanded an apology from Google, and threatened legal action against the company “for maligning the image of our beautiful language.”</p>
<p>Google removed the answer and issued a statement:</p>
<p style="text-align: justify; ">“We know this is not ideal, but we take swift corrective action when we are made aware of an issue and are continually working to improve our algorithms. Naturally, these are not reflective of the opinions of Google, and we apologise for the misunderstanding and hurting any sentiments."</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/deccan-herald-june-8-2021-krupa-joseph-insult-to-kannada-shows-google-ai-in-a-poor-light'>http://editors.cis-india.org/internet-governance/news/deccan-herald-june-8-2021-krupa-joseph-insult-to-kannada-shows-google-ai-in-a-poor-light</a>
</p>
No publisherKrupa JosephInternet GovernanceArtificial Intelligence2021-06-26T05:25:38ZNews ItemTwitter's India troubles show tough path ahead for digital platforms
http://editors.cis-india.org/internet-governance/news/dw-june-21-2021-aditya-sharma-twitter-india-troubles-show-tough-path-ahead-for-digital-platforms
<b>Twitter is in a standoff with Indian authorities over the government's new digital rules. Critics see the rules as an attempt to curb free speech, while others say more action is needed to hold tech giants accountable.
</b>
<p style="text-align: justify; ">The blog by Aditya Sharma <a class="external-link" href="https://www.dw.com/en/twitters-india-troubles-show-tough-path-ahead-for-digital-platforms/a-57980916">was published by DW</a> on 21 June 2021. Torsha Sarkar was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/Intermediary.jpg/@@images/08eb8de3-4fd6-408f-94d2-3f202da0e730.jpeg" alt="Intermediary" class="image-right" title="Intermediary" /></p>
<p style="text-align: justify; ">Twitter holds a relatively low share of India's social media market. But, since 2017, the huge nation has emerged as Twitter's fastest-growing market, becoming critical to its global expansion plans.</p>
<p style="text-align: justify; ">In February, the Indian government <a href="https://www.dw.com/en/india-targets-twitter-whatsapp-with-new-regulatory-rules/a-56708566">introduced new guidelines</a> to regulate digital content on rapidly growing social media platforms.</p>
<p style="text-align: justify; ">The so-called Intermediary Guidelines are aimed at regulating content on internet platforms such as Twitter and Facebook, making them more accountable to legal requests for the removal of posts and sharing information about the originators of messages.</p>
<p style="text-align: justify; ">Employees at these companies can be held criminally liable for not complying with the government's requests.</p>
<p style="text-align: justify; ">Large social media firms must also set up mechanisms to address grievances and appoint executives to liaise with law enforcement under the new rules, as well as appoint an India-based compliance officer who would be held criminally liable for the content on their platforms.</p>
<p style="text-align: justify; ">The Indian government says the rules empower "users who become victims of defamation, morphed images, sexual abuse," among other online crimes. It also said that the rules seek to tackle the problem of disinformation.</p>
<p style="text-align: justify; ">But critics fear that the rules could be used to target government opponents and make sure dissidents don't use the platforms.</p>
<p style="text-align: justify; ">Social media companies were expected to comply with the new rules by May 25.</p>
<p style="text-align: justify; ">Some Indian media reports have recently said that Twitter lost its status as an "intermediary" and the legal protection that came with it, due to its failure to comply with the new rules.</p>
<h3 style="text-align: justify; ">Failure to comply and serious implications</h3>
<p style="text-align: justify; ">Apar Gupta, the executive director of the Internet Freedom Foundation, a New Delhi-based digital rights advocacy group, says failure to comply with the rules could threaten Twitter's India operations.</p>
<p style="text-align: justify; ">"Not complying with the rules would pose a real risk to Twitter's operational environment," he told DW.</p>
<p style="text-align: justify; ">"It will need to go to court to defend itself each time criminal prosecutions are launched against it," he added.</p>
<p style="text-align: justify; ">The first case against Twitter was filed last week, where it was charged with failing to stop the spread of a video on its platform that allegedly incited "hate and enmity" between two religious groups.</p>
<p style="text-align: justify; "><span>'Heavy censorship'</span></p>
<p style="text-align: justify; ">Gupta says adhering to all the government's demands would substantially change Twitter.</p>
<p style="text-align: justify; ">"Absolute compliance would mean heavy censorship of individual tweets, removal of the manipulated media tags, and blocking/suspension of accounts at the government's behest," he said.</p>
<p style="text-align: justify; ">Torsha Sarkar, policy officer at the Bengaluru-based Centre for Internet and Society, fears that Twitter might at times be compelled to overcomply with government demands, threatening user rights.</p>
<p style="text-align: justify; ">"This can be either by over-complying with flawed information requests, thereby selling out its users, or taking down content that offends the majoritarian sensibilities," she told DW.</p>
<p style="text-align: justify; ">Last week, three special rapporteurs appointed by a top UN human rights body expressed "serious concerns" that certain parts of the guidelines "may result in the limiting or infringement of a wide range of human rights."</p>
<p style="text-align: justify; ">They urged New Delhi to review the rules, adding that they did not conform to India's international human rights obligations and could threaten the digital rights of Indians.</p>
<h3 style="text-align: justify; ">Twitter's balancing act</h3>
<p style="text-align: justify; ">It is not the first time that Twitter has been accused of giving in to government pressure to censor content on its platform.</p>
<p style="text-align: justify; ">At the height of the long-running farmer protests, <a href="https://www.dw.com/en/farmer-protests-india-blocks-prominent-twitter-accounts-detains-journalists/a-56411354">Twitter blocked hundreds of tweets</a> and accounts, including the handle of a prominent news magazine. It subsequently unblocked them following public outrage.</p>
<p style="text-align: justify; ">The US company stopped short of complying with demands to block the accounts of activists, politicians and journalists, arguing that such a move would "violate their fundamental right to free expression under Indian law."</p>
<p style="text-align: justify; ">According to local media reports, Twitter's Indian executives were reportedly threatened with fines and imprisonment if the accounts were not taken down.</p>
<h3 style="text-align: justify; ">Special police notify Twitter offices</h3>
<p style="text-align: justify; ">Last month, the labeling of a tweet by a politician from the ruling BJP as "manipulated media" prompted a special unit of the <a href="https://www.dw.com/en/india-police-visit-twitter-offices-over-manipulated-tweet/a-57650193">Delhi police to visit Twitter's offices</a> in the capital and neighboring Gurgaon. Police notified the offices about an investigation into the labeling of the post.</p>
<p style="text-align: justify; ">Twitter India's managing director, Manish Maheswari, was said to have been asked to appear before the police for questioning, according to media reports.</p>
<p style="text-align: justify; ">Some Twitter employees have refused to talk about the ongoing tensions for fear of government reprisals.</p>
<p style="text-align: justify; ">"Such kind of intimidation does not happen every day. (But) Everyone at Twitter India is terrified," people familiar with the matter told DW on the condition of anonymity.</p>
<h3 style="text-align: justify; ">Big Tech VS sovereign power?</h3>
<p style="text-align: justify; ">Those calling for better regulation of tech giants say transnational <a href="https://www.dw.com/en/india-social-media-conflict/a-57702394">social media companies like Twitter lack accountability</a>, blaming them for the alleged inaction against online abuse and disinformation campaigns.</p>
<p style="text-align: justify; ">"The problem with these rules is that they centralize greater power toward the government without providing for the objective benefit of rights toward users," Gupta said.</p>
<p style="text-align: justify; ">"If Twitter were to comply with these rules, it would make a bad situation worse," he said.</p>
<p style="text-align: justify; ">Twitter is unlikely to ditch a major market such as India.</p>
<p style="text-align: justify; ">Sarkar from the Centre for Internet and Society said "It might be difficult to say how the powers of big tech are going to collide with sovereign nations, especially in light of flawed legal interventions around the world."</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/dw-june-21-2021-aditya-sharma-twitter-india-troubles-show-tough-path-ahead-for-digital-platforms'>http://editors.cis-india.org/internet-governance/news/dw-june-21-2021-aditya-sharma-twitter-india-troubles-show-tough-path-ahead-for-digital-platforms</a>
</p>
No publisherAditya SharmaSocial MediaInternet GovernanceIntermediary LiabilityInformation Technology2021-06-26T02:54:19ZNews ItemThe Geopolitics of Cyberspace: A Compendium of CIS Research
http://editors.cis-india.org/internet-governance/blog/arindrajit-basu-september-24-2021-the-geopolitics-of-cyberspace-compendium-of-cis-research
<b>Cyberspace is undoubtedly shaping and disrupting commerce, defence and human relationships all over the world. Opportunities such as improved access to knowledge, connectivity, and innovative business models have been equally met with nefarious risks including cyber-attacks, disinformation campaigns, government driven digital repression, and rabid profit-making by ‘Big Tech.’ Governments have scrambled to create and update global rules that can regulate the fair and equitable uses of technology while preserving their own strategic interests.</b>
<p style="text-align: justify;">With a rapidly digitizing economy and clear interests in shaping global rules that favour its strategic interests, India stands at a crucial juncture on various facets of this debate. How India governs and harnesses technology, coupled with how India translates these values and negotiates its interests globally, will surely have an impact on how similarly placed emerging economies devise their own strategies. The challenge here is to ensure that domestic technology governance as well as global engagements genuinely uphold and further India’s democratic fibre and constitutional vision.</p>
<p style="text-align: justify;">Since 2018, researchers at the Centre for Internet and Society have produced a body of research including academic writing, at the intersection of geopolitics and technology covering global governance regimes on trade and cybersecurity, including their attendant international law concerns, the digital factor in bilateral relationships (with a focus on the Indo-US and Sino-Indian relationships). We have paid close focus to the role of emerging technologies in this debate, including AI and 5G as well as how private actors in the technology domain, operating across national jurisdictions, are challenging and upending traditionally accepted norms of international law, global governance, and geopolitics.</p>
<p style="text-align: justify;">The global fissures in this space matter fundamentally for individuals who increasingly use digital spaces to carry out day to day activities: from being unwitting victims of state surveillance to harnessing social media for causes of empowerment to falling prey to state-sponsored cyber attacks, the rules of cyber governance, and its underlying politics. Yet, the rules are set by a limited set of public officials and technology lawyers within restricted corridors of power. Better global governance needs more to be participatory and accessible. CIS’s research and writing has been cognizant of this, and attempted to merge questions of global governance with constitutional and technical questions that put individuals and communities centre-stage.</p>
<p>Research and writing produced by CIS researchers and external collaborators from 2018 onward is detailed in the appended compendium.</p>
<h2>Compendium</h2>
<h3>Global cybersecurity governance and cyber norms</h3>
<p style="text-align: justify;"><em>Two decades since a treaty governing state behaviour in cyberspace was mooted by Russia, global governance processes have meandered along. The security debate has often been polarised along “Cold War” lines but the recent amplification of cyberspace governance as developmental, social and economic has seen several new vectors added to this debate. This past year two parallel processes at the United Nations General Assembly’s First Committee on Disarmament and International Security-United Nations Group of Governmental Experts (UN-GGE) and the United Nations Open Ended Working Group managed to produce consensus reports but several questions on international law, norms and geopolitical co-operation remain. India has been a participant at these crucial governance debates. Both the substance of the contribution, along with its implications remain a key focus area for our research.</em></p>
<p style="text-align: justify;"><em>Edited Volumes</em></p>
<ul>
<li>Karthik Nachiappan and Arindrajit Basu <a href="https://www.india-seminar.com/2020/731.htm">India and Digital World-Making</a>, <em>Seminar </em>731, 1 July 2020 <em>(featuring contributions from Manoj Kewalramani, Gunjan Chawla, Torsha Sarkar, Trisha Ray, Sameer Patil, Arun Vishwanathan, Vidushi Marda, Divij Joshi, Asoke Mukerji, Pallavi Raghavan, Karishma Mehrotra, Malavika Raghavan, Constantino Xavier, Rajen Harshe' and Suman Bery</em>)</li></ul>
<p><em><br />Long-Form Articles</em></p>
<ol>
<li>Arindrajit Basu and Elonnai Hickok, <a href="https://cis-india.org/internet-governance/blog/arindrajit-basu-and-elonnai-hickok-november-30-2018-cyberspace-and-external-affairs"><em>Cyberspace and External Affairs: A Memorandum for India</em></a> (Memorandum, Centre for Internet and Society, 30 Nov 2018) </li>
<li><a href="https://cis-india.org/internet-governance/blog/the-potential-for-the-normative-regulation-of-cyberspace-implications-for-india"><em>The Potential for the Normative Regulation of Cyberspace</em></a><em> </em>(White Paper, Centre for Internet and Society, 30 July 2018) </li>
<li>Arindrajit Basu and Elonnai Hickok <a href="https://cis-india.org/internet-governance/blog/conceptualizing-an-international-security-regime-for-cyberspace"><em>Conceptualizing an International Security Architecture for cyberspace</em></a><em> </em>(Briefings of the Global Commission on the Stability of Cyberspace, Bratislava, Slovakia, May 2018)</li>
<li>Sunil Abraham, Mukta Batra, Geetha Hariharan, Swaraj Barooah, and Akriti Bopanna,<a href="https://cis-india.org/internet-governance/files/indias-contribution-to-internet-governance-debates"> India's contribution to internet governance debates</a> (NLUD Student Law Journal, 2018)</li></ol>
<p><em><br />Blog Posts and Op-eds</em></p>
<ul>
<li>Arindrajit Basu, Irene Poetranto, and Justin Lau, <a href="https://carnegieendowment.org/2021/05/19/un-struggles-to-make-progress-on-securing-cyberspace-pub-84491">The UN struggles to make progress in cyberspace</a><em>, Carnegie Endowment for International Peace</em>, May 19th, 2021</li>
<li>Andre’ Barrinha and Arindrajit Basu, <a href="https://directionsblog.eu/could-cyber-diplomacy-learn-from-outer-space/">Could cyber diplomacy learn from outer space</a>, <em>EU Cyber Direct</em>, 20th April 2021</li>
<li>Arindrajit Basu and Pranesh Prakash<strong>, </strong><a href="https://www.thehindu.com/opinion/lead/patching-the-gaps-in-indias-cybersecurity/article34000336.ece">Patching the gaps in India’s cybersecurity</a>, <em>The Hindu, </em>6th March 2021</li>
<li>Arindrajit Basu and Karthik Nachiappan, <a href="https://www.leidensecurityandglobalaffairs.nl/articles/will-india-negotiate-in-cyberspace">Will India negotiate in cyberspace?</a>, Leiden Security and Global Affairs blog,December 16, 2020</li>
<li>Elizabeth Dominic, <a href="https://cis-india.org/internet-governance/blog/the-debate-over-internet-governance-and-cyber-crimes-west-vs-the-rest">The debate over internet governance and cybercrimes: West vs the rest?</a>,<em> Centre for Internet and Society, </em>June 08, 2020</li>
<li>Arindrajit Basu, <a href="https://www.lawfareblog.com/indias-role-global-cyber-policy-formulation"><em>India’s role in Global Cyber Policy Formulation</em></a><em>, Lawfare, Nov 7, 2019</em></li>
<li>Pukhraj Singh, <a href="https://cis-india.org/internet-governance/blog/guest-post-before-cyber-norms-let2019s-talk-about-disanalogy-and-disintermediation">Before cyber norms,let's talk about disanalogy and disintermediation</a>, <em>Centre for Internet and Society, </em>Nov 15th, 2019</li>
<li>Arindrajit Basu and Karan Saini, <a href="https://mwi.usma.edu/setting-international-norms-cyber-conflict-hard-doesnt-mean-stop-trying/">Setting International Norms of Cyber Conflict is Hard, But that Doesn’t Mean that We Should Stop Trying</a><em>, Modern War Institute, </em>30th Sept, 2019</li>
<li>Arindrajit Basu, <a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/"><em>Politics by other means: Fostering positive contestation and charting red lines through global governance in cyberspace</em></a><em> (Digital Debates, </em>Volume 6, 2019<em>)</em></li>
<li>Arindrajit Basu<em>, </em><a href="https://thewire.in/trade/will-the-wto-finally-tackle-the-trump-card-of-national-security">Will the WTO Finally Tackle the ‘Trump’ Card of National Security?</a><em> (The Wire, </em>8th May 2019<em>)</em></li></ul>
<p><em>Policy Submissions</em></p>
<ol>
<li>Arindrajit Basu, <a href="https://cis-india.org/internet-governance/blog/cis-comments-on-pre-draft-of-the-report-of-the-un-open-ended-working-group">CIS Submission to OEWG </a>(Centre for Internet and Society, Policy Submission, 2020)</li>
<li>Aayush Rathi, Ambika Tandon, Elonnai Hickok, and Arindrajit Basu. “<a href="https://cis-india.org/internet-governance/blog/cis-submission-to-un-high-level-panel-on-digital-cooperation">CIS Submission to UN High-Level Panel on Digital Cooperation</a>.” Policy submission. Centre for Internet and Society, January 2019.</li>
<li>Arindrajit Basu,Gurshabad Grover, and Elonnai Hickok. “<a href="https://cis-india.org/internet-governance/blog/arindrajit-basu-gurshabad-grover-elonnai-hickok-january-22-2019-response-to-gcsc-on-request-for-consultation">Response to GCSC on Request for Consultation: Norm Package Singapore</a>.” Centre for Internet and Society, January 17, 2019.</li>
<li>Arindrajit Basu and Elonnai Hickok. <a href="https://cis-india.org/internet-governance/files/gcsc-response.">Submission of Comments to the GCSC Definition of ‘Stability of Cyberspace</a> (Centre for Internet and Society, September 6, 2019)</li></ol>
<ol></ol>
<h3>Digital Trade and India's Political Economy</h3>
<p style="text-align: justify;"><em>The modern trading regime and its institutions were born largely into a world bereft of the internet and its implications for cross-border flow and commerce. Therefore, regulatory ambitions at the WTO have played catch up with the technological innovation that has underpinned the modern global digital economy. Driven by tech giants, the “developed” world has sought to restrict the policy space available to the emerging world to impose mandates regarding data localisation, source code disclosure, and taxation - among other initiatives central to development. At the same time emerging economies have pushed back, making for a tussle that continues to this day. Our research has focussed both on issues of domestic political economy and data governance,and the implications these domestic issues have on how India and other emerging economies negotiate at the world stage.</em></p>
<p><em>Long-Form articles and essays</em></p>
<ol>
<li>Arindrajit Basu, Elonnai Hickok and Aditya Chawla,<em> </em><a href="https://cis-india.org/internet-governance/blog/the-localisation-gambit-unpacking-policy-moves-for-the-sovereign-control-of-data-in-india"><strong>T</strong></a><a href="https://cis-india.org/internet-governance/blog/the-localisation-gambit-unpacking-policy-moves-for-the-sovereign-control-of-data-in-india">he Localisation Gambit: Unpacking policy moves for the sovereign control of data in India</a><em> (</em>Centre for Internet and Society<em>, </em>March 19, 2019)<strong><em> </em></strong></li>
<li>Arindrajit Basu,<a href="about:blank">Sovereignty in a datafied world: A framework for Indian diplomacy</a> in Navdeep Suri and Malancha Chakrabarty (eds) <em>A 2030 Vision for India’s Economic Diplomacy </em>(Observer Research Foundation 2021) </li>
<li>Amber Sinha, Elonnai Hickok, Udbhav Tiwari and Arindrajit Basu, <a href="https://cis-india.org/internet-governance/files/mlat-report">Cross Border Data-Sharing and India </a>(Centre for Internet and Society, 2018)</li></ol>
<p><em>Blog posts and op-eds </em></p>
<ul>
<li>Arindrajit Basu,<a class="external-link" href="http://www.hinrichfoundation.com/research/article/wto/can-the-wto-build-consensus-on-digital-trade/"> Can the WTO build consensus on digital trade,</a> Hinrich Foundation,October 05,2021<br /></li><li>Amber Sinha, <a href="https://thewire.in/tech/twitter-modi-government-big-tech-new-it-rules">The power politics behind Twitter versus Government of India</a>, <em>The Wire</em>, June 03, 2021</li>
<li>Karthik Nachiappan and Arindrajit Basu, <a href="https://www.thehindu.com/opinion/op-ed/shaping-the-digital-world/article32224942.ece?homepage=true">Shaping the Digital World</a>, <em>The Hindu</em>, 30th July 2020</li>
<li>Arindrajit Basu and Karthik Nachiappan, <a href="https://www.india-seminar.com/2020/731/731_arindrajit_and_karthik.htm"><em>India and the global battle for data governance</em></a>, Seminar 731, 1st July 2020</li>
<li>Amber Sinha and Arindrajit Basu, <a href="https://scroll.in/article/960676/analysis-reliance-jio-facebook-deal-highlights-indias-need-to-revisit-competition-regulations">Reliance Jio-Facebook deal highlights India’s need to revisit competition regulations</a>, <em>Scroll</em>, 30th April 2020</li>
<li>Arindrajit Basu and Amber Sinha, <a href="https://thediplomat.com/2020/04/the-realpolitik-of-the-reliance-jio-facebook-deal/">The realpolitik of the Reliance-Jio Facebook deal</a>, <em>The Diplomat</em>, 29th April 2020</li>
<li>Arindrajit Basu, <a href="https://thediplomat.com/2020/01/the-retreat-of-the-data-localization-brigade-india-indonesia-and-vietnam/"><em>The Retreat of the Data Localization Brigade: India, Indonesia, Vietnam</em></a><em>, The Diplomat</em>, Jan 10, 2020</li>
<li>Amber Sinha and Arindrajit Basu, <a href="https://www.epw.in/engage/article/politics-indias-data-protection-ecosystem"><em>The Politics of India’s Data Protection Ecosystem</em></a>, <em>EPW Engage</em>, 27 Dec 2019</li>
<li>Arindrajit Basu and Justin Sherman, <a href="https://www.lawfareblog.com/key-global-takeaways-indias-revised-personal-data-protection-bill">Key Global Takeaways from India’s Revised Personal Data Protection Bill</a>, <em>Lawfare</em>, Jan 23, 2020</li>
<li>Nikhil Dave,“<a href="https://cis-india.org/internet-governance/geo-economic-impacts-of-the-coronavirus-global-supply-chains-part-i">Geo-Economic Impacts of the Coronavirus: Global Supply Chains</a>.” <em>Centre for Internet and Society</em> , June 16, 2020.</li></ul>
<h3>International Law and Human Rights</h3>
<p style="text-align: justify;"><em>International law and human rights are ostensibly technology neutral, and should lay the edifice for digital governance and cybersecurity today. Our research on international human rights has focussed on global surveillance practices and other internet restrictions employed by a variety of nations, and the implications this has for citizens and communities in India and similarly placed emerging economies. CIS researchers have also contributed to, and commented on World Intellectual Property Organization negotiations at the intersection of international Intellectual Property (IP) rules and the human rights.</em></p>
<p><em>Long-form article</em></p>
<p><em> </em></p>
<ol>
<li>Arindrajit Basu, <a href="https://cis-india.org/internet-governance/extra-territorial-surveillance-and-the-incapacitation-of-human-rights">Extra Territorial Surveillance and the incapacitation of international human rights law</a>, 12 NUJS LAW REVIEW 2 (2019)</li>
<li>Gurshabad Grover and Arindrajit Basu, ”<a href="https://cyberlaw.ccdcoe.org/wiki/Scenario_24:_Internet_blockage">Internet Blockage</a>”(Scenario contribution to NATO CCDCOE Cyber Law Toolkit,2021)</li>
<li>Arindrajit Basu and Elonnai Hickok, <a href="https://www.ijlt.in/journal/conceptualizing-an-international-framework-for-active-private-cyber-defence">Conceptualizing an international framework for active private cyber defence </a>(Indian Journal of Law and Technology, 2020)</li><li>Arindrajit Basu,<a class="external-link" href="http://www.orfonline.org/wp-content/uploads/2021/10/Digital-Debates__CyFy2021.pdf">Challenging the dogmatic inevitability of extraterritorial state surveillance </a>in Trisha Ray and Rajeswari Pillai Rajagopalan (eds) Digital Debates: CyFy Journal 2021 (New Delhi:ORF and Global Policy Journal,2021)<br /></li></ol>
<p><em>Blog Posts and op-eds</em></p>
<ul>
<li>Arindrajit Basu, “<a href="https://www.medianama.com/2020/08/223-american-law-on-mass-surveillance-post-schrems-ii/">Unpacking US Law And Practice On Extraterritorial Mass Surveillance In Light Of Schrems II</a>”, <em>Medianama</em>, 24th August 2020</li>
<li>Anubha Sinha, “World Intellectual Property Organisation: Notes from the Standing Committee on Copyright Negotiations (<a href="https://cis-india.org/a2k/blogs/wipo-sccr-41-notes-from-day-1">Day 1</a>, <a href="https://cis-india.org/a2k/blogs/wipo-sccr-41-notes-from-day-2">Day 2</a>, <a href="https://cis-india.org/a2k/blogs/wipo-sccr-41-notes-from-day-3-and-day-4-1">Day 3 and 4</a>)”, July 2021</li><li>Raghav Ahooja and Torsha Sarkar,<a class="external-link" href="http://www.lawfareblog.com/how-not-regulate-internet-lessons-indian-subcontinent">How (not) to regulate the internet:Lessons from the Indian Subcontinent</a>,Lawfare,September 23,2021,<br /></li></ul>
<h3>Bilateral Relationships</h3>
<p style="text-align: justify;"><em>Technology has become a crucial factor in shaping bilateral and plurilateral co-operation and competition. Given the geopolitical fissures and opportunities since 2020, our research has focussed on how technology governance and cybersecurity could impact the larger ecosystem of Indo-China and India-US relations. Going forward, we hope to undertake more research on technology in plurilateral arrangements, including the Quadrilateral Security Dialogue. </em></p>
<ul>
<li>Arindrajit Basu and Justin Sherman, <a href="https://thediplomat.com/2021/03/the-huawei-factor-in-us-india-relations/">The Huawei Factor in US-India Relations</a>,<em>The Diplomat</em>, 22 March 2021</li>
<li>Aman Nair, “<a href="https://cis-india.org/internet-governance/blog/tiktok-it2019s-time-for-biden-to-make-a-decision-on-his-digital-policy-with-china">TIkTok: It’s Time for Biden to Make a Decision on His Digital Policy with China</a>,” <em>Centre for Internet and Society</em>, January 22, 2021,</li>
<li>Arindrajit Basu and Gurshabad Grover, <a href="https://thediplomat.com/2020/10/india-needs-a-digital-lawfare-strategy-to-counter-china/">India Needs a Digital Lawfare Strategy to Counter China</a>, <em>The Diplomat</em>, 8th October 2020</li>
<li>Anam Ajmal, <a href="https://timesofindia.indiatimes.com/blogs/toi-edit-page/the-app-ban-will-have-an-impact-on-the-holding-companies-global-power-projection-begins-at-home/">The app ban will have an impact on the holding companies...global power projection begins at home</a>, <em>Times of India</em>, July 7th, 2020 (Interview with Arindrajit Basu)</li>
<li>Justin Sherman and Arindrajit Basu, <a href="https://thediplomat.com/2020/03/trump-and-modi-embrace-but-remain-digitally-divided/">Trump and Modi embrace, but remain digitally divided</a>, <em>The Diplomat</em>, March 05th, 2020</li></ul>
<h3>Emerging Technologies</h3>
<p style="text-align: justify;"><em>Governance needs to keep pace with the technological challenges posed by emerging technologies, including 5G and AI. To do so an interdisciplinary approach that evaluates these scientific advances in line with the regimes that govern them is of utmost importance. While each country will need to regulate technology through the lens of their strategic interests and public policy priorities, it is clear that geopolitical tensions on standard-setting and governance models compels a more global outlook.</em></p>
<p><em>Long-Form reports</em></p>
<ol>
<li>Anoushka Soni and Elizabeth Dominic,<a href="https://cis-india.org/internet-governance/legal-and-policy-implications-of-autonomous-weapons-systems"> Legal and Policy implications of Autonomous weapons systems</a> (Centre for Internet and Society, 2020)</li>
<li>Aayush Rathi, Gurshabad Grover, and Sunil Abraham,<a href="https://cis-india.org/internet-governance/blog/regulating-the-internet-the-government-of-india-standards-development-at-the-ietf"> Regulating the internet: The Government of India & Standards Development at the IETF</a> (Centre for Internet and Society, 2018)</li></ol>
<p><em>Blog posts and op-eds</em></p>
<ul>
<li>Aman Nair, <a href="https://cis-india.org/internet-governance/blog/would-banning-chinese-telecom-companies-make-5g-secure-in-india">Would banning Chinese telecom companies make India 5G secure in India?</a> <em>Centre for Internet and Society</em>, 22nd December 2020</li>
<li>Arindrajit Basu and Justin Sherman<strong>, </strong><a href="https://www.lawfareblog.com/two-new-democratic-coalitions-5g-and-ai-technologies">Two New Democratic Coalitions on 5G and AI Technologies</a>, <em>Lawfare</em>, 6th August 2020</li>
<li>Nikhil Dave, <a href="https://cis-india.org/internet-governance/blog/the-5g-factor.">The 5G Factor: A Primer</a>, <em>Centre for Internet and Society,</em> July 20, 2020.</li>
<li>Gurshabad Grover, <a href="https://indianexpress.com/article/opinion/columns/huawei-ban-india-united-states-china-5755232/">The Huawei bogey</a> <em>Indian Express</em>, May 30th, 2019</li>
<li>Arindrajit Basu and Pranav MB, <a href="https://cis-india.org/internet-governance/blog/what-is-the-problem-with-2018ethical-ai2019-an-indian-perspective">What is the problem with 'Ethical AI'?:An Indian perspective</a>, Centre for Internet and Society, July 21, 2019</li></ul>
<p><strong> </strong></p>
<p><em> </em></p>
<hr />
<p style="text-align: justify;"><em>(This compendium was drafted by Arindrajit Basu with contributions from Anubha Sinha. Aman Nair, Gurshabad Grover, and Pranav MB reviewed the draft and provided vital insight towards its conceptualization and compilation</em>. Dishani Mondal and Anand Badola provided important inputs at earlier stages of the process towards creating this compendium)</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/arindrajit-basu-september-24-2021-the-geopolitics-of-cyberspace-compendium-of-cis-research'>http://editors.cis-india.org/internet-governance/blog/arindrajit-basu-september-24-2021-the-geopolitics-of-cyberspace-compendium-of-cis-research</a>
</p>
No publisherarindrajitCyber SecurityInternet GovernanceCyberspace2021-11-15T14:48:49ZBlog EntryA Guide to Drafting Privacy Policy under the Personal Data Protection Bill, 2019
http://editors.cis-india.org/internet-governance/blog/shweta-reddy-september-17-2021-a-guide-to-drafting-privacy-policy-under-personal-data-protection-bill
<b>The Personal Data Protection Bill, 2019, (PDP Bill) which is currently being deliberated by the Joint Parliamentary Committee, is likely to be tabled in the Parliament during the winter session of 2021.</b>
<p style="text-align: justify;">The Bill in its current form, doesn’t have explicit transitory provisions i.e. a defined timeline for the enforcement of the provisions of the Bill post its notification as an enforceable legislation. Since the necessary subject matter expertise may be limited on short notice and out of budget for certain companies, we intend to release a series of guidance documents that will attempt to simplify the operational requirements of the legislation.</p>
<p style="text-align: justify;">Certain news reports had earlier suggested that the Joint Parliamentary Committee reviewing the Bill has proposed <a class="external-link" href="https://economictimes.indiatimes.com/news/politics-and-nation/parliamentary-panel-examining-personal-data-protection-bill-recommends-89-changes/articleshow/80138488.cms">89 new amendments and a new clause</a>. The nature and content of these amendments so far remain unclear. However, we intend to start the series by addressing some frequently asked questions around meeting the requirements of publishing a privacy notice and shall make the relevant changes post notification of the new Bill. The solutions provided in this guidance document are mostly based on international best practices and any changes in the solutions based on Indian guidelines and the revised PDP Bill will be redlined in the future.</p>
<p style="text-align: justify;">The frequently asked questions and other specific examples on complying with the requirements of publishing a privacy policy have been compiled based on informal discussions with stakeholders, unsolicited queries from smaller organizations and publicly available details from conferences on the impact of the Bill. We intend to conduct extensive empirical analysis of additional queries or difficulties faced by smaller organizations towards achieving compliance post the notification of the new Bill. Regardless, any smaller organizations(NGOs, start-ups etc.) interested in discussing compliance related queries can get in touch with us.</p>
<hr />
<p style="text-align: justify;">Click to download the <a href="http://editors.cis-india.org/internet-governance/guide-to-personal-data-protection-bill.pdf" class="internal-link">full report here</a>. The report was reviewed by Pallavi Bedi and Amber Sinha.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/shweta-reddy-september-17-2021-a-guide-to-drafting-privacy-policy-under-personal-data-protection-bill'>http://editors.cis-india.org/internet-governance/blog/shweta-reddy-september-17-2021-a-guide-to-drafting-privacy-policy-under-personal-data-protection-bill</a>
</p>
No publishershwetarInternet GovernanceData ProtectionPrivacy2021-09-20T10:34:40ZBlog EntryMedia Market Risk Ratings: India
http://editors.cis-india.org/internet-governance/blog/gdi-and-cis-torsha-sarkar-pranav-m-bidare-and-gurshabad-grover-july-12-2021-media-market-risk-ratings-india
<b>The Centre for Internet and Society (CIS) and the Global Disinformation Index (GDI) are launching a study into the risk of disinformation on digital news platforms in India, creating an index that is intended to serve donors and brands with a neutral assessment of news sites that they can utilise to defund disinformation.</b>
<h2>Introduction</h2>
<p style="text-align: justify;">The harms of disinformation are proliferating around the globe—threatening our elections, our health, and our shared sense of facts.</p>
<p style="text-align: justify;">The infodemic laid bare by COVID-19 conspiracy theories clearly shows that disinformation costs peoples’ lives. Websites masquerading as news outlets are driving and profiting financially from the situation.</p>
<p style="text-align: justify;">The goal of the Global Disinformation Index (GDI) is to cut off the revenue streams that incentivise and sustain the spread of disinformation. Using both artificial and human intelligence, the GDI has created an assessment framework to rate the disinformation risk of news domains.</p>
<p style="text-align: justify;">The GDI risk rating provides advertisers, ad tech companies and platforms with greater information about a range of disinformation flags related to a site’s <strong>content</strong> (i.e. reliability of content), <strong>operations</strong> (i.e. operational and editorial integrity) and <strong>context</strong> (i.e. perceptions of brand trust). The findings in this report are based on the human review of these three pillars: <strong>Content, Operations</strong>, and <strong>Context</strong>.</p>
<p style="text-align: justify;">A site’s disinformation risk level is based on that site’s aggregated score across all of the reviewed pillars and indicators. A site’s overall score ranges from zero (maximum risk level) to 100 (minimum risk level). Each indicator that is included in the framework is scored from zero to 100. The output of the index is therefore the site’s overall disinformation risk level, rather than the truthfulness or journalistic quality of the site.</p>
<h2 style="text-align: justify;">Key Findings</h2>
<p>In reviewing the media landscape for India, the assessment found that:</p>
<p><strong><em>Nearly a third of the sites in our sample had a high risk of disinforming their online users.</em></strong></p>
<ul>
<li style="text-align: justify;">Eighteen sites were found to have a high disinformation risk rating. This group includes sites that are published in all the three languages in our scope: English, Hindi and Bengali.</li>
<li style="text-align: justify;">Around half of the websites in our sample had a ‘medium’ risk rating. No site performed exceptionally on all fronts, resulting in no sites having a minimum risk rating. On the other hand, no site performed so poorly as to earn a maximum risk rating.</li></ul>
<p><strong><em>Only a limited number of Indian sites present low levels of disinformation risks.</em></strong></p>
<ul>
<li>No website was rated as having a ‘minimum’ disinformation risk.</li>
<li>Eight sites were rated with a ‘low’ level of disinformation risk. Seven out of these websites served content primarily in English, one in Hindi.</li></ul>
<p><strong><em>The media sites assessed in India tend to perform very poorly on publishing transparent operational checks and balances.</em></strong></p>
<ul>
<li style="text-align: justify;">Over one-third of the sites in our sample published little information about their ownership structure, and also failed to be transparent about their revenue sources.</li>
<li style="text-align: justify;">Only ten of the sites in our sample publish any information about their policies on how they correct errors in their reporting.</li></ul>
<p><strong><em>Association with traditional media did not play a significant factor in determining risk of disinformation.</em></strong></p>
<ul>
<li>On average, websites associated with TV or print did not perform any differently when compared to websites that solely serve digital content.</li></ul>
<p style="text-align: justify;">The findings show that on the whole, Indian websites can substantially increase their trustworthiness by taking measures to address these shortfalls in their operational checks and balances. For example, they could increase transparency on the structure of their businesses and have clear policies on how they address errors in their reporting. Both of these measures are in line with universal standards of good journalistic practices, as agreed by the Journalism Trust Initiative.</p>
<hr />
<p style="text-align: justify;">Click to download the <a href="http://editors.cis-india.org/internet-governance/media-market-risk-ratings.pdf" class="internal-link">full report here</a>. To read the report in Hindi, <a class="external-link" href="https://cis-india.org/internet-governance/resources/media-bazaar-jokhim-rating.pdf">click here</a>. The authors extend their thanks to Anna Liz Thomas, Sanah Javed, Sagnik Chatterjee, and Raghav Ahooja for their assistance.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/gdi-and-cis-torsha-sarkar-pranav-m-bidare-and-gurshabad-grover-july-12-2021-media-market-risk-ratings-india'>http://editors.cis-india.org/internet-governance/blog/gdi-and-cis-torsha-sarkar-pranav-m-bidare-and-gurshabad-grover-july-12-2021-media-market-risk-ratings-india</a>
</p>
No publisherTorsha Sarkar, Pranav M Bidare, and Gurshabad GroverDigital NewsDigital AccessInternet GovernanceDigital IndiaHomepage2022-01-25T13:29:06ZBlog EntryCIS Seminar Series: Information Disorder
http://editors.cis-india.org/internet-governance/blog/cis-seminar-series-information-disorder
<b>The Centre for Internet and Society is announcing the launch of a seminar series to showcase research around digital rights and technology policy, with a focus on the Global South.</b>
<p style="text-align: justify;">The CIS seminar series will be a venue for researchers to share works-in-progress, exchange ideas, identify avenues for collaboration, and curate research. We also seek to mitigate the impact of Covid-19 on research exchange, and foster collaborations among researchers and academics from diverse geographies. Every quarter we will be hosting a remote seminar with presentations, discussions and debate on a thematic area.</p>
<p style="text-align: justify;"><strong> </strong></p>
<h3><strong>Seminar format</strong></h3>
<p style="text-align: justify;"><strong> </strong></p>
<p style="text-align: justify;">We are happy to welcome abstracts for one of two tracks:</p>
<h3>Working paper presentation</h3>
<p style="text-align: justify;"> A working paper presentation would ideally involve a working draft that is presented for about 15 minutes followed by feedback from workshop participants. Abstracts for this track should be 600-800 words in length with clear research questions, methodology, and questions for discussion at the seminar. Ideally, for this track, authors should be able to submit a draft paper two weeks before the conference for circulation to participants.</p>
<h3> Coffee-shop conversations</h3>
<p style="text-align: justify;">In contrast to the formal paper presentation format, the point of the coffee-shop conversations is to enable an informal space for presentation and discussion of ideas. Simply put, it is an opportunity for researchers to “think out loud” and get feedback on future research agendas. Provocations for this should be 100-150 words containing a short description of the idea you want to discuss.</p>
<p style="text-align: justify;">We will try to accommodate as many abstracts as possible given time constraints. We welcome submissions from students and early career researchers, especially those from under-represented communities.</p>
<p style="text-align: justify;"><em>All discussions will be private and conducted under the Chatham House Rule. Drafts will only be circulated among registered participants.</em></p>
<p style="text-align: justify;">Please send all abstracts to <a href="mailto:workshops@cis-india.org">workshops@cis-india.org</a>.</p>
<h3>Theme for the first seminar (to be held on an online platform)</h3>
<p style="text-align: justify;"><strong> </strong></p>
<p style="text-align: justify;">The first seminar will be centered around the theme of ‘Information Disorder<strong>: <em>Mis-, Dis- and Malinformation</em>.’</strong> While the issue of information disorder, colloquially termed as ‘fake news’, has been in the political forefront for the last five years, the flawed attempts at countering the ‘infodemic’ brought about by the pandemic proves that there still continues to be substantial gaps in the body-of-knowledge on this issue. This includes research that proposes empirical, replicable methods of understanding the types, forms or nature of information disorder or research that attempts to understand regulatory approaches, the layers of production and the roles played by different agents in the spread of ‘fake news’.</p>
<p style="text-align: justify;">Accordingly, we invite submissions that address these gaps in knowledge, including those that examine the relationship between digital technology and information disorder across a spectrum of fields and disciplines. Areas of interest include but are not limited to:</p>
<ol style="text-align: justify;">
<li>Information disorders during COVID-19</li>
<li>Effects of coordinated campaigns on marginalised communities</li>
<li>Journalism, the State, and the trust in media </li>
<li>Platform responsibility in information disorder </li>
<li>Information disorder in international law/constitutional/human rights law</li>
<li>Information disorder as a geopolitical tool</li>
<li>Sociopolitical and cultural factors in user engagement</li></ol>
<p style="text-align: justify;"><strong><br /></strong></p>
<p style="text-align: justify;"><strong>Timeline</strong></p>
<ol style="text-align: justify;">
<li>Abstract Submission Deadline: August 25th</li>
<li>Results of Abstract review: September 8th</li>
<li>Full submissions (of draft papers): September 30th</li>
<li>Seminar date: Tentatively October 7th</li></ol>
<div style="text-align: justify;"> </div>
<h3><strong>Contact details</strong></h3>
<p style="text-align: justify;">For any queries please contact us at <a href="mailto:workshops@cis-india.org">workshops@cis-india.org</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/cis-seminar-series-information-disorder'>http://editors.cis-india.org/internet-governance/blog/cis-seminar-series-information-disorder</a>
</p>
No publisheramanDigital EconomyDigital AccessInternet GovernanceDigital DisruptionInformation Technology2021-08-11T11:17:57ZPageBeyond the PDP Bill: Governance Choices for the DPA
http://editors.cis-india.org/internet-governance/blog/trishi-jindal-and-s-vivek-beyond-the-pdp-bill
<b>This article examines the specific governance choices the Data Protection Authority (DPA) in India must deliberate on vis-à-vis its standard-setting function, which are distinct from those it will encounter as part of its enforcement and supervision functions.</b>
<p style="text-align: justify;">The Personal Data Protection Bill, 2019, was introduced in the Lok Sabha on 11 December 2019. It lays down an overarching framework for personal data protection in India. Once revised and approved by Parliament, it is likely to establish the first comprehensive data protection framework for India. However, the provisions of the Bill are only one component of the forthcoming data protection framework It further proposes setting up the Data Protection Authority (DPA) to oversee the final enforcement, supervision, and standard-setting. The Bill consciously chooses to vest the responsibility of administering the framework with a regulator instead of a government department. As an independent agency, the DPA is expected to be autonomous from the legislature and the Central Government and capable of making expert-driven regulatory decisions in enforcing the framework.</p>
<p style="text-align: justify;">Furthermore, the DPA is not merely an implementing authority; it is also expected to develop privacy regulations for India by setting standards. As such, it will set the day-to-day obligations of regulated entities under its supervision. Thus, the effectiveness with which it carries out its functions will be the primary determinant of the impact of this Bill (or a revised version thereof) and the data protection framework set out under it.</p>
<p style="text-align: justify;">The final version for the PDP Bill may or may not provide the DPA with clear guidance regarding its functions. In this article, we emphasise the need to look beyond the Bill and instead examine the specific governance choices the DPA must deliberate on vis-à-vis its standard-setting function, which are distinct from those it will encounter as part of its enforcement and supervision functions.</p>
<p style="text-align: justify;"><strong>A brief timeline of the genesis of a distinct privacy regulator for India</strong></p>
<p style="text-align: justify;">The vision of an independent regulator for data protection in India emerged over the course of several intervening processes that set out to revise India’s data protection laws. In fact, the need for a dedicated data protection regulation for India, with enforceable obligations and rights, was debated years before the <a href="https://thewire.in/government/privacy-aadhaar-supreme-court">Aadhaar</a>, <a href="https://www.thehindu.com/news/national/urgent-need-for-data-protection-laws-experts/article23314655.ece">Cambridge Analytica</a>, and <a href="https://www.livemint.com/opinion/online-views/pegasus-has-given-privacy-legislation-a-jab-of-urgency-11628181453098.html">Pegasus</a><sup> </sup>revelations captured the public imagination and mainstreamed conversations on privacy.</p>
<p style="text-align: justify;">The <a href="https://cis-india.org/internet-governance/draft-bill-on-right-to-privacy">Right to Privacy Bill, 2011</a>, which never took off, recognised the right to privacy in line with Article 21 of the Constitution of India, which pertains to the right to life and personal liberty. The Bill laid down express conditions for collecting and processing data and the rights of data subjects. It also proposed setting up a Data Protection Authority (DPA) to supervise and enforce the law and advise the government in policy matters. Upon review by the Cabinet, it was <a href="https://cis-india.org/internet-governance/draft-bill-on-right-to-privacy">suggested</a> that the Authority be revised to an Advisory Council, given its role under the Bill was limited.</p>
<p style="text-align: justify;">Subsequently, in 2012, the AP Shah Committee Report <a href="https://cis-india.org/internet-governance/blog/report-of-group-of-experts-on-privacy.pdf">recommended</a> a principle-based data protection law, focusing on set standards while refraining from providing granular rules, to be enforced through a co-regulatory structure. This structure would consist of central and regional-level privacy commissioners, self-regulatory bodies, and data protection officers appointed by data controllers. There were also a few private members’ bills <a href="https://saveourprivacy.in/media/all/Brief-PDP-Bill-25.12.2020.pdf">introduced</a> between 2011 and 2019.</p>
<p style="text-align: justify;">None of these efforts materialised, and the regulatory regime for data protection and privacy remained embedded within the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules). Though the <a href="https://www.meity.gov.in/writereaddata/files/GSR313E_10511%281%29_0.pdf">SPDI Rules</a> require body corporates to secure personal data, their enforcement is <a href="https://www.indiacode.nic.in/show-data?actid=AC_CEN_45_76_00001_200021_1517807324077&orderno=49">limited</a> to cases of negligence in abiding by these limited set of obligations pertaining to sensitive personal information only, and which have caused wrongful loss or gain – a high threshold to prove for aggrieved individuals. Otherwise, the <a href="https://www.meity.gov.in/writereaddata/files/GSR314E_10511%281%29_0.pdf">Intermediary Guidelines</a>, 2011 require all intermediaries to generally follow these Rules under Rule 3(8). The enforcement of these obligations is <a href="https://www.ikigailaw.com/dispute-resolution-framework-under-the-information-technology-act-2000/#acceptLicense">entrusted</a> to adjudicating officers (AO) appointed by the central government, who are typically bureaucrats appointed as AOs in an ex-officio capacity.</p>
<p style="text-align: justify;">By 2017, the Aadhaar litigations had provided additional traction to the calls for a dedicated and enforceable data protection framework in India. In its judgement, the Supreme Court <a href="https://main.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_24-Aug-2017.pdf">recognised</a> the right to privacy as a fundamental right in India and stressed the need for a dedicated data protection law. Around the same time, the Ministry of Electronics and Information Technology (MeitY) constituted a <a href="https://pib.gov.in/newsite/PrintRelease.aspx?relid=169420">committee of experts</a> under the chairmanship of Justice BN Srikrishna. The Srikrishna Committee undertook public consultations on a 2017 <a href="https://www.meity.gov.in/writereaddata/files/white_paper_on_data_protection_in_india_171127_final_v2.pdf">white paper</a>, which culminated in the nearly comprehensive <a href="https://www.meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill,2018.pdf">Personal Data Protection Bill, 2018</a>, and an accompanying <a href="https://www.meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf">report</a>. This 2018 Bill outlined a regulatory framework of personal data processing for India and defined data processing entities as fiduciaries, which owe a duty of care to individuals to whom personal data relates. The Bill provided for the setting up of an independent regulator that would, among other things, specify further standards for data protection and administer and enforce the provisions of the Bill.</p>
<p style="text-align: justify;">MeitY invited public comments on this Bill and tabled a revised version, the Personal Data Protection <a href="http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf">Bill</a>, 2019 (PDP Bill), in the Lok Sabha in December 2019. Following public pressure calling for detailed discussions on the Bill before its passing, it was referred to a <a href="http://loksabhaph.nic.in/Committee/CommitteeInformation.aspx?comm_code=73&tab=1">Joint Parliamentary Committee</a> (JPC) constituted for this purpose. It currently remains under review; the JPC is <a href="https://www.hindustantimes.com/india-news/need-state-level-data-protection-authorities-joint-parliamentary-committee-mp-amar-patnaik-101632679181340.html">reportedly</a> expected to table its report in the 2021 Winter Session of Parliament. Though the Bill is likely to undergo another <a href="https://www.hindustantimes.com/india-news/over-100-drafting-changes-proposed-to-jpc-on-data-protection-bill-101631730726756.html">round of revisions</a> following the JPC’s review, this is the closest India has come to realising its aspirations of establishing a dedicated and enforceable data protection framework.</p>
<p style="text-align: justify;">This Bill carries forward the choice of a distinct regulatory body, though <a href="https://thewire.in/tech/india-data-protection-authority-needs-constitutional-entrenchment">questions remain</a> on the degree of its independence, given the direct control granted to the central government in appointing its members and funding the DPA.</p>
<p style="text-align: justify;"><strong>Conceptualising an Independent DPA</strong></p>
<p style="text-align: justify;">The Srikrishna Committee’s 2017 white paper and its 2018 report on the PDP Bill discuss the need for a regulator in the context of <em>enforcement</em> of its provisions. However, the DPA under the PDP Bill is tasked with extensive powers to frame detailed regulations and codes of conduct to inform the day-to-day obligations of data fiduciaries and processors. To be clear, the standard-setting function for a regulator <a href="https://ssrn.com/abstract=1393647">entails</a> laying down the standards based on which regulated entities (i.e. the data fiduciaries) will be held accountable, and the manner in which they may conduct themselves while undertaking the regulated activity (i.e. personal data processing). This is in addition to its administrative and enforcement, and quasi-judicial functions, as outlined below:</p>
<p style="text-align: justify;"><strong>Functions of the DPA under the PDP Bill 2019</strong></p>
<p style="text-align: justify;"><strong><img src="http://editors.cis-india.org/home-images/PDPBill.png/@@images/93bcf598-962a-48f1-b1b1-78933dac5d27.png" alt="null" class="image-inline" title="PDP" /></strong></p>
<p style="text-align: justify;">At this stage, it is important to note that the choice of regulation via a regulator is distinct from the administration of the Bill by the central or state governments. Creating a distinct regulatory body allows government procedures to be replaced with expert-driven decision-making to ensure sound economic regulation of the sector. At the same time, the independence of the regulatory authority <a href="https://www.oxfordhandbooks.com/view/10.1093/law/9780198704898.001.0001/oxfordhb-9780198704898">insulates it</a> from political processes. The third advantage of independent regulatory authorities is the scope for ‘operational flexibility’, which is embodied in the relative autonomy of its employees and its decision-making from government scrutiny.</p>
<p style="text-align: justify;">This is also the rationale provided by the Srikrishna Committee in stating their choice to entrust the administration of the data protection law to an independent DPA. The 2017 white paper that preceded the 2018 Srikrishna Committee Report proposed a distinct regulator to provide expert-driven enforcement of laws for the highly specialised data protection sphere. Secondly, the regulator would serve as a single point of contact for entities seeking guidance and will ensure consistency by issuing rules, standards, and guidelines. The Srikrishna Committee Report concretised this idea and proposed a sector-agnostic regulator that is expected to <a href="https://www.meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf">undertake</a> expertise-driven standard-setting, enforcement, and adjudication under the Bill.<sup> </sup> The PDP Bill carries forward this conception of a DPA, which is distinct from the central government.</p>
<p style="text-align: justify;">Conceptualised as such, the DPA has a completely new set of questions to contend with. Specifically, regulatory bodies require additional safeguards to overcome the legitimacy and accountability questions that <a href="https://www.oxfordhandbooks.com/view/10.1093/law/9780198704898.001.0001/oxfordhb-9780198704898">arise</a> when law-making is carried out not by elected members of the legislature, but via the unelected executive. The DPA would need to incorporate democratic decision-making processes to overcome the deficit of public participation in an expert-driven body. Thus, the meta-objective of ensuring autonomous, expertise-driven, and legitimate regulation of personal data processing necessitates that the regulator has sufficient independence from political interference, is populated with subject matter experts and competent decision-makers, and further has democratic decision-making procedures.</p>
<p>Further, the standard-setting role of the regulator does not receive sufficient attention in terms of providing distinct procedural or substantive safeguards either in the legislation or public policy guidance.</p>
<h3>Reconnaissance under the PDP Bill: How well does it guide the DPA?</h3>
<p style="text-align: justify;">At this time, the PDP Bill is the primary guidance document that defines the DPA and its overall structure. India also lacks an overarching statute or binding framework that lays down granular guidance on regulation-making by regulatory agencies.</p>
<p style="text-align: justify;">The PDP Bill, in its current iteration, sets out skeletal provisions to guide the DPA in achieving its objectives. Specifically, the Bill provides guidance limited to the following:</p>
<ol>
<li style="text-align: justify;"><em>Parliamentary scrutiny of regulations:</em> The DPA must table all its regulations before the Parliament. This is meant to accord <a href="https://www.nipfp.org.in/media/medialibrary/2018/08/WP_237_2018_0ciIwuT.pdf">legislative scrutiny</a> to binding legal standards promulgated by unelected officials.</li>
<li style="text-align: justify;"><em>Consistency with the Act:</em> All regulations should be consistent with the Act and the rules framed under it. This integrates a standard of administrative law to a limited extent within the regulation-making process. </li></ol>
<p style="text-align: justify;">However, India’s past track record <a href="https://prsindia.org/theprsblog/how-well-does-parliament-examine-rules-framed-under-various-laws">indicates</a> that regulations, once tabled before the Parliament, are rarely questioned or scrutinised. Judicial review is typically based on ‘thin’ procedural considerations such as whether the regulation is unconstitutional, arbitrary, <em>ultra vires</em>, or goes beyond the statutory obligations or jurisdiction of the regulator. In any event, judicial review is possible only when an instrument is challenged by a litigant, and, therefore, it may not always be a robust <em>ex-ante</em> check on the exercise of this power. A third challenge arises where instruments other than regulations are issued by the regulator. These could be circulars, directions, guidelines, and even FAQs, which are <a href="https://www.nipfp.org.in/media/medialibrary/2018/08/WP_237_2018_0ciIwuT.pdf">rarely bound</a> by even the minimal procedural mandate of being tabled before the Parliament. To be sure, older regulators including the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI) also face similar issues, which they have attempted to address through various methods including voluntary public consultations, stakeholder meetings, and publication of minutes of meetings. These are useful tools for the DPA to consider as well.</p>
<p>Apart from these, specific guidance is provided with respect to issuing and approving codes of practice and issuing directions as follows:</p>
<ol>
<li style="text-align: justify;">Codes of practice: The DPA is required to (i) ensure transparency,<a href="file:///C:/Users/Admin/AppData/Local/Temp/211105_Governance%20Choices%20for%20the%20DPA%20(1).docx#_ftn1"><sup><sup>[1]</sup></sup></a> (ii) consult with other sectoral regulators and stakeholders, and (iii) follow a procedure to be prescribed by the central government prior to the notification of codes of practice under the Bill.<a href="file:///C:/Users/Admin/AppData/Local/Temp/211105_Governance%20Choices%20for%20the%20DPA%20(1).docx#_ftn2"><sup><sup>[2]</sup></sup></a></li>
<li style="text-align: justify;">Directions: The DPA may issue directions to individual, regulated entities or their classes from time to time, provided these entities have been given the opportunity to be heard by the DPA before such directions are issued.<a href="file:///C:/Users/Admin/AppData/Local/Temp/211105_Governance%20Choices%20for%20the%20DPA%20(1).docx#_ftn3"><sup><sup>[3]</sup></sup></a></li></ol>
<p style="text-align: justify;">However, the meaning of transparency and the process for engaging with sectoral regulators remains unspecified under the Bill. Furthermore, the central government has been provided vast discretion to formulate these procedures, as the Bill does not specify the principles or outcomes sought to be achieved via these procedures. The Bill also does not specify instances where such directions may be issued and in which form.</p>
<p>Thus, as per its last publicly available iteration, the Bill remains silent on the following:</p>
<ul>
<li>The principles that may guide the DPA in its functioning.</li>
<li>The procedure to be followed for issuing regulations and other subordinate legislation under the Bill.</li>
<li style="text-align: justify;">The relevant regulatory instruments, other than regulations and codes of practice – such as circulars, guidelines, FAQs, etc. – that may be issued by the DPA.</li>
<li>The specifics regarding the members and employees within the DPA who are empowered to make these regulations.</li></ul>
<p style="text-align: justify;">It is unclear whether the JPC will revise the DPA’s structure or recommend statutory guidance for the DPA in executing any of its functions. This is unlikely, given that parent statutes for other regulators typically omit such guidance. As a result, the DPA may be required to make intentional and proactive choices on these matters, much like their regulatory counterparts in India. These are discussed in the section below.</p>
<h3 style="text-align: justify;">Envisaging a Proactive Role for the DPA</h3>
<p>As the primary regulatory body in charge of the enforcement of the forthcoming data protection framework, what should be the role of the DPA in setting standards for data protection?</p>
<p style="text-align: justify;">The complexity of the subject matter, and the DPA’s role as the frontline body to define day-to-day operational standards for data protection for the entire digital economy, necessitates that it develop transparent guiding principles and procedures. Furthermore, given that the DPA’s autonomy and capacity are currently unclear, the DPA will need to make deliberate choices regarding how it conducts itself. In this regard, the skeletal nature of the PDP Bill also allows the DPA to determine its own procedures to carry out its tasks effectively.</p>
<p style="text-align: justify;">This is not uncommon in India: various regulators have devised frameworks to create benchmarks for themselves. The Airports Economic Regulatory Authority (AERA) is <a href="http://aera.gov.in/aera/upload/uploadfiles/files/AERAACT.pdf">obligated</a> to follow a dedicated consultation process as per an explicit transparency mandate under the parent statute. However, the Insolvency and Bankruptcy Board of India (IBBI) has, on its own initiative, <a href="https://ibbi.gov.in/webadmin/pdf/legalframwork/2018/Oct/IBBI(Mechamism%20for%20Issuing%20Regulations)%20Regulations,%202018_2018-10-26%2011:59:43.pdf">formulated regulations</a> to guide its regulation-making functions. In other cases, consultation processes have been integrated into the respective framework through judicial intervention: the Telecom Regulatory Authority of India (TRAI) has been mandated to undertake consultations through <a href="https://clpr.org.in/wp-content/uploads/2018/10/Cellular-Operators-v.-TRAI.pdf">judicial interpretation</a> of the requirement for transparency under the Telecom Regulatory Authority of India Act, 1997 (TRAI Act).</p>
<p style="text-align: justify;">In this regard, we develop a list of considerations that the DPA should look to address while carrying out its standard-setting functions. We also draw on best practices by Indian regulators and abroad, which can help identify feasible solutions for an effective DPA for India.</p>
<p><strong>The choice of regulatory instruments</strong></p>
<p style="text-align: justify;">The DPA is empowered to issue regulations, codes of practice, and directions under the Bill. At the same time, regulators in India routinely issue other regulatory instruments to assign obligations and clarify them. Some commonly used regulatory instruments are outlined below. The terms used for instruments are not standard across regulators, and the list and description set out below outline the main concepts and not fixed labels for the instruments.</p>
<p><strong><em>Overview of regulatory instruments</em></strong><em> </em></p>
<table>
<tbody>
<tr>
<td>
<p> </p>
</td>
<td>
<p><strong>Circulars and Master Circulars</strong></p>
</td>
<td>
<p><strong>Guidelines</strong></p>
</td>
<td>
<p><strong>FAQs</strong></p>
</td>
<td>
<p><strong>Directions</strong></p>
</td>
</tr>
<tr>
<td>
<p><strong>Content</strong></p>
</td>
<td>
<p>Circulars are used to prescribe detailed obligations and prohibitions for regulated entities and can mimic regulations. Master circulars consolidate circulars on a particular topic periodically.</p>
</td>
<td>
<p>These may be administrative or substantive, depending on the practice of the regulator in question.</p>
</td>
<td>
<p>Issued in public interest by regulators to clarify the regulatory framework administered by them. They cannot prescribe new standards or create obligations.</p>
</td>
<td>
<p>Issued to provide focused instructions to individual entities or class of entities in response to an adjudicatory action or in lieu of a current challenge.</p>
</td>
</tr>
<tr>
<td>
<p><strong>Binding character</strong></p>
</td>
<td>
<p>They are generally <a href="https://indiankanoon.org/doc/1588871/">binding</a> in the <a href="https://indiankanoon.org/doc/1316639/">same manner</a> as regulations and rules. However, if they go beyond the parent Act or existing rules and regulations, they may be <a href="https://indiankanoon.org/doc/15876695/">struck down</a> following a judicial review.</p>
</td>
<td>
<p>They may or may not be binding depending upon the language employed or the regulator’s practice.</p>
</td>
<td>
<p>Unclear whether these are binding and to what extent. However, crucial clarifications on important concepts sometimes emerge from FAQs.</p>
</td>
<td>
<p>Binding in respect of the class of regulated entities to whom this is issued.</p>
</td>
</tr>
<tr>
<td>
<p><strong>Parliamentary scrutiny</strong></p>
</td>
<td colspan="4">
<p>Unlike regulations, these do not have to be laid before the Parliament.</p>
</td>
</tr>
</tbody>
</table>
<p style="text-align: justify;">Thus, all these instruments, to varying degrees, have <a href="https://www.ncaer.org/news_details.php?nID=1399">been used</a> to create binding obligations for regulated entities. The <a href="https://www.nipfp.org.in/media/medialibrary/2018/08/WP_237_2018_0ciIwuT.pdf">choice of regulatory instrument</a> is not made systematically. Indeed, even a <a href="https://www.bis.org/bcbs/publ/d321.pdf">hierarchy of instruments</a> and their functions are not clearly set out by most regulators. The <a href="https://www.nipfp.org.in/media/medialibrary/2018/08/WP_237_2018_0ciIwuT.pdf">rationale</a> for deciding why a circular is issued as against a regulation is also unclear. A study on regulatory performance in India by Burman and Zaveri (2018) has <a href="https://static1.squarespace.com/static/59c0077a9f745650903ac158/t/5cb62147104c7ba2eaf637e4/1555439944606/Burman+V2.pdf">highlighted</a> an over-reliance on instruments such as circulars. As per their study, between 2014 and 2016, RBI and SEBI issued 1,016 and 122 circulars, as against 48 and 51 regulations, respectively. These circulars are not bound by the same pre-consultative mandate nor are they mandated to be laid before the Parliament. While circulars may have been intended for routine to routinely used to lay down administrative or procedural requirements, the study narrows its frame of reference to circulars which lay down substantive regulatory requirements. In this instance, it is unclear why parliamentary scrutiny is mandated for regulations alone, and not for instruments like circulars and directions, even though they lay down similarly substantive requirements. Furthermore, there have also been<a href="https://indiacorplaw.in/2014/11/are-sebis-faqs-binding-on-partiessebi.html"> instances</a> where certain instruments like FAQs have gone beyond their advisory scope to provide new directions or definitions that were not previously shared under binding instruments like regulations or circulars.</p>
<p>The DPA has been provided specific powers to issue regulations, codes of practice, and directions. However, the rationale for issuing one instead of the other has been <a href="https://www.medianama.com/2020/01/223-pdp-bill-2019-data-protection-authority/">absent</a> from the PDP Bill so far. In such a scenario, it is important that the DPA transparently outlines the <em>types</em> of instruments it wishes to use, whether they are binding or advisory, and the procedure to be followed for issuing each.</p>
<p><strong>Pre-legislative consultative rule-making</strong></p>
<ol></ol>
<p>Participatory and consultative processes have emerged as core components of democratic rule-making by regulators. Transparent consultative mechanisms could also ameliorate capacity challenges in a new regulator (particularly for technical matters) and help enhance public confidence in the regulator.</p>
<p style="text-align: justify;">In India, several regulators have adopted consultation mechanisms even when there is no specific statutory requirement. <a href="https://www.sebi.gov.in/sebiweb/home/HomeAction.do?doListing=yes&sid=4&smid=35&ssid=38">SEBI</a> and <a href="https://ibbi.gov.in/public-comments/comments-on">IBBI</a> routinely issue discussion papers and consultation papers. The RBI also issues draft instruments <a href="https://www.rbi.org.in/Scripts/DraftNotificationsGuildelines.aspx">soliciting comments</a>. As discussed previously, TRAI and AERA have distinct transparency mandates under which they carry out consultations before issuing regulations. However, these processes are not mandated all forms of subordinate legislation. Taking cognizance of this, the Financial Sector Legislative Reform Committee (FSLRC) has <a href="https://dea.gov.in/sites/default/files/fslrc_report_vol1_1.pdf">recommended</a> transparency in the regulation-making process. This was <a href="https://dea.gov.in/sites/default/files/Handbook_GovEnhanc_fslrc_2.pdf">carried forward</a> by the Financial Stability and Development Council (FSDC), which recommended that consultation processes should be a prerequisite for all subordinate legislations, including circulars, guidelines, etc. A <a href="https://static1.squarespace.com/static/59c0077a9f745650903ac158/t/5cb62147104c7ba2eaf637e4/1555439944606/Burman+V2.pdf">study</a> on regulators’ adherence to these mandates, spanning TRAI, AERA, SEBI, and RBI, demonstrated that this pre-consultation mandate is followed inconsistently, if at all. Predictable consultation practices are therefore critical.</p>
<p style="text-align: justify;">Furthermore, the study stated that it <a href="https://static1.squarespace.com/static/59c0077a9f745650903ac158/t/5cb62147104c7ba2eaf637e4/1555439944606/Burman+V2.pdf">could not determine</a> whether the consultation processes yielded meaningful participation, given that regulators are not obligated to disclose how public feedback was integrated into the rule-making process. Subordinate legislations issued in the form of circulars and guidelines also do not typically undergo the same rigorous consultation processes. Thus, an ideal consultation framework would <a href="https://ec.europa.eu/info/sites/default/files/better_regulation_joining_forces_to_make_better_laws_en_0.pdf">comprise</a>:</p>
<ul>
<li style="text-align: justify;">Publication of the draft subordinate legislation along with a detailed explanation of the policy objectives. Further, the regulator should publish the internal or external studies conducted to arrive at the proposed legislation to <a href="https://legalinstruments.oecd.org/public/doc/669/51f6da97-c198-4c93-922f-1a5d80beae86.pdf">engender</a> meaningful discussion.</li>
<li>Permitting sufficient time for the public and interested stakeholders to respond to the draft.</li>
<li>Publishing all feedback received for the public to assess, and allowing them to respond to the feedback.</li></ul>
<p>However, beyond specifying the manner of conducting consultations, it will be important for the DPA to determine where they are mandatory and binding, and for which type of subordinate legislations. These are discussed in the next section.</p>
<p><strong>Choice of consultation mandates for distinct regulatory instruments</strong></p>
<ol></ol>
<p style="text-align: justify;">While the Bill provides for consultation processes for issuing and approving codes of practice, no such mechanism has been set out for other instruments. Nevertheless, specifying consultation mandates for different regulatory instruments is important to ensure that decision-making is consistent and regulation-making remains bound by transparent and accountable processes. As discussed above, regulatory instruments such as circulars and FAQs are not necessarily bound by the same consultation mandates in India. This distinction has been clarified in more sophisticated administrative law frameworks abroad. For instance, under the Administrative Procedures Act in the United States (US), all substantive rules made by regulatory agencies are <a href="https://www.reginfo.gov/public/reginfo/Regmap/regmap.pdf">bound</a> by a consultation process, which requires notice of the proposed rule-making and public feedback. This does <a href="https://www.federalregister.gov/uploads/2011/01/the_rulemaking_process.pdf">not preclude</a> the regulatory agency from issuing clarifications, guidelines, and supplemental information on the rules issued. These documents do not require the consultation process otherwise required for formal rules. However, they cannot be used to expand the scope of the rules, set new legal standards, or have the effect of amending the rules. Nevertheless, agencies are not precluded from choosing to seek public feedback on such documents.</p>
<p style="text-align: justify;">Similarly, the Information Commissioner’s Office in the United Kingdom (UK) takes into consideration <a href="https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/">public consultations</a> and <a href="https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/ico-call-for-views-on-employment-practices/">surveys</a> while issuing toolkits and guidance for regulated entities on how to comply with the data protection framework in the UK.</p>
<p style="text-align: justify;">Here, the DPA may choose to subject strictly binding instruments like regulations and codes of practice to pre-legislative consultation mandates, while softer mechanisms like FAQs may be subject to the publication of a detailed outline of the policy objective or online surveys to invite non-binding, advisory feedback. For each of these, the DPA will nonetheless need to create specific criteria by which it classifies instruments as binding and advisory, and further outline specific pre-legislative mandates for each category.</p>
<p><strong>Framework for issuing regulatory instruments and instructions</strong></p>
<ol></ol>
<p style="text-align: justify;">While the DPA is likely to issue several instruments, the system based on which these instruments will be issued is not yet clear. Without a clearly thought-out framework, different departments within the regulator <a href="https://www.nipfp.org.in/media/medialibrary/2018/08/WP_237_2018_0ciIwuT.pdf">typically issue</a> a series of directions, circulars, regulations, and other instruments. This raises questions regarding the consistency between instruments. This also requires stakeholders to go through multiple instruments to find the position of law on a given issue. Older Indian regulators are now facing challenges in adapting their ad hoc system into a framework. For example, the RBI currently issues a series of circulars and guidelines that are periodically consolidated on a subject-matter basis as Master Circulars and Master Directions. These are then updated and published on their website. IBBI also publishes <a href="https://ibbi.gov.in/uploads/publication/e42fddce80e99d28b683a7e21c81110e.pdf">handbooks</a> and <a href="https://ibbi.gov.in/publication/information-brochures">information brochures</a> that consolidate instruments in an accessible manner.</p>
<p style="text-align: justify;">While these are useful improvements, these practices cannot keep pace with rapid changes in regulatory instructions and are not complete or user-friendly (for example, the subject-matter based consolidation does not allow for filtering regulatory instructions by entity). Other jurisdictions have developed different techniques such as formal codification processes to consolidate regulations issued by government agencies under one <a href="https://www.govinfo.gov/help/cfr">unified code</a>, <a href="https://www.oaic.gov.au/privacy/privacy-registers/privacy-codes-register/">register</a>, or <a href="https://www.handbook.fca.org.uk/handbook">handbook</a>, websites that allow for searches based on different parameters (subject-matter, type of instrument, chronology, entity-based), and <a href="https://www.handbook.fca.org.uk/handbook-guides">guides</a> tailored to different types of entities. The DPA, as a new regulator, can learn from this experience and adopt a consistent framework right from the beginning.</p>
<p style="text-align: justify;">Further, an ethos of responsive regulation also requires the DPA to evaluate and revise directions and regulations periodically, in response to market and technology trends. A commitment to periodic evaluation of subordinate legislations entrenched in the rules is critical to reducing the dependence on officials and leadership, which may change. For instance, the <a href="https://www.ibbi.gov.in/webadmin/pdf/whatsnew/2018/Oct/Mechanism%20for%20issuing%20regulations%20October%20after%20Board%20meeting%20final_2018-10-22%2020:42:06.pdf">IBBI</a> has set out a mandatory review of regulations issued by it every three years.</p>
<p><strong>Dedicating capacity for drafting subordinate legislations</strong></p>
<ol></ol>
<p style="text-align: justify;">The DPA has been granted the discretion to appoint experts and staff its offices with the personnel it needs. A <a href="https://www2.deloitte.com/content/dam/Deloitte/nl/Documents/risk/deloitte-nl-risk-reports-resources.pdf">study</a> of European data protection authorities shows that by the time the General Data Protection Regulation, 2016 became effective, most of the authorities increased the number of employees with some even reporting a 240% increase. The annual spending on the authorities also went up for most countries. While these authorities do not necessarily frame subordinate legislations, they nonetheless create guidance toolkits and codes of practice as part of their supervisory functions.</p>
<p style="text-align: justify;">In this regard, the DPA will need to ensure it has dedicated capacity in-house to draft subordinate legislations. Since regulators are generally seen as enforcement authorities, there is inadequate investment in capacity-building for drafting legislations in India.</p>
<p style="text-align: justify;">Moreover, considering the multiplicity of instruments and guidance documents the DPA is expected to issue, it may seek to create templates for these instruments, along with compulsory constituents of different types of instruments. For instance, the Office of the Australian Information Commissioner is required to include a <a href="https://www.oaic.gov.au/privacy/guidance-and-advice/guidelines-for-developing-codes/">mandatory set of components</a> while issuing or approving binding industry codes of practice.</p>
<h3 style="text-align: justify;">Conclusion</h3>
<p style="text-align: justify;">The Personal Data Protection Bill, 2019 (in the final form recommended by the JPC and accepted by the MeitY) will usher in a new chapter in India’s data protection timeline. While the Bill will finally effectuate a nearly comprehensive data protection framework for India, it will also establish a new regulatory framework that sets up a new regulator, the DPA, to oversee the new data protection law. This DPA will be empowered to regulate entities across sectors and is likely to determine the success of the data protection law in India.</p>
<p style="text-align: justify;">Furthermore, the DPA must not only contend with the complexity of markets and the fast pace of technological change, but it must also address <a href="https://blog.theleapjournal.org/2018/02/a-pragmatic-approach-to-data-protection.html">anticipated</a> regulatory capacity deficits, low levels of user literacy, the number and diversity of enities within its regulatory ambit, and the need to secure individual privacy within and outside the digital realm.</p>
<p style="text-align: justify;">Thus, looking ahead, we must account for the questions of governance that the forthcoming DPA is likely to face, as these will directly impact how entities and citizens engage with the DPA. In India, regulatory agencies adopt distinct choices to fulfil their functions. Regulators have also <a href="https://static1.squarespace.com/static/59c0077a9f745650903ac158/t/5cb62147104c7ba2eaf637e4/1555439944606/Burman+V2.pdf">fared variably</a> in ensuring transparent and accountable decision-making driven by demonstrable expertise. Even if the final form of the PDP Bill does not address these gaps, the DPA has the opportunity to integrate benchmarks and best practices as discussed above within its own governance framework from the get-go as it takes on its daunting responsibilities under the PDP Bill.</p>
<p style="text-align: justify;"><em>(<span id="docs-internal-guid-6bf51b9e-7fff-d2ac-d0fb-f42bcdd7f599">The authors are Research Fellow, Law, Technology and Society Initiative and Project Lead, Regulatory Governance Project respectively at the National Law School of India University, Bangalore. Views are personal.)</span></em></p>
<em>
</em>
<p style="text-align: justify;"><span id="docs-internal-guid-6bf51b9e-7fff-d2ac-d0fb-f42bcdd7f599"><em>This post was reviewed by Vipul Kharbanda and Shweta Mohandas</em><br /></span></p>
<h3 style="text-align: justify;">References</h3>
<ul>
<li style="text-align: justify;">For a discussion on distinct regulatory choices, please see TV Somanathan, <em>The Administrative and Regulatory State</em> in Sujit Choudhary, Madhav Khosla, et al. (eds), <a href="https://www.oxfordhandbooks.com/view/10.1093/law/9780198704898.001.0001/oxfordhb-9780198704898">Oxford Handbook of the Indian Constitution</a> (2016).</li>
<li style="text-align: justify;">On best practices for consultative law-making, see generally <em>European Union Better Regulation </em><a href="https://ec.europa.eu/info/sites/default/files/better_regulation_joining_forces_to_make_better_laws_en_0.pdf"><em>Communication</em></a>, <em>Guidelines for Effective Regulatory Consultations </em>(<a href="https://www.tbs-sct.gc.ca/rtrap-parfa/erc-cer/erc-cer-eng.pdf">Canada</a>), and<em> </em><a href="https://read.oecd-ilibrary.org/governance/the-governance-of-regulators_9789264209015-en#page81"><em>OECD</em></a><em> </em><em>Best Practice Principles for Regulatory Policy: The Governance of Regulators</em>,<em> 2014.</em></li></ul>
<hr align="left" size="1" width="33%" />
<p><a href="file:///C:/Users/Admin/AppData/Local/Temp/211105_Governance%20Choices%20for%20the%20DPA%20(1).docx#_ftnref1"><sup><sup>[1]</sup></sup></a> Personal Data Protection Bill 2019, § 50(3).</p>
<p><a href="file:///C:/Users/Admin/AppData/Local/Temp/211105_Governance%20Choices%20for%20the%20DPA%20(1).docx#_ftnref2"><sup><sup>[2]</sup></sup></a> Personal Data Protection Bill 2019, § 50(4).</p>
<p><a href="file:///C:/Users/Admin/AppData/Local/Temp/211105_Governance%20Choices%20for%20the%20DPA%20(1).docx#_ftnref3"><sup><sup>[3]</sup></sup></a> Personal Data Protection Bill 2019, § 51.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/trishi-jindal-and-s-vivek-beyond-the-pdp-bill'>http://editors.cis-india.org/internet-governance/blog/trishi-jindal-and-s-vivek-beyond-the-pdp-bill</a>
</p>
No publisherTrishi Jindal and S.VivekInternet GovernanceData ProtectionPrivacy2021-11-10T07:32:33ZBlog EntryBig Tech’s privacy promise to consumers could be good news — and also bad news
http://editors.cis-india.org/internet-governance/blog/indian-express-rajat-kathuria-isha-suri-big-tech-consumers-privacy-policy
<b>Rajat Kathuria, Isha Suri write: Its use as a tool for market development must balance consumer protection, innovation, and competition.</b>
<p style="text-align: justify; ">In February, Facebook, rebranded as Meta, stated that its revenue in 2022 is anticipated to reduce by $10 billion due to steps undertaken by Apple to enhance user privacy on its mobile operating system. More specifically, Meta attributed this loss to a new AppTrackingTransparency feature that requires apps to request permission from users before tracking them across other apps and websites or sharing their information with and from third parties. Through this change, Apple effectively shut the door on “permissionless” internet tracking and has given consumers more control over how their data is used. Meta alleged that this would hurt small businesses benefiting from access to targeted advertising services and charged Apple with abusing its market power by using its app store to disadvantage competitors under the garb of enhancing user privacy.</p>
<hr />
<p style="text-align: justify; ">Access the full article published in the <a class="external-link" href="https://indianexpress.com/article/opinion/columns/big-tech-consumers-privacy-policy-7866701/">Indian Express</a> on April 13, 2022</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/indian-express-rajat-kathuria-isha-suri-big-tech-consumers-privacy-policy'>http://editors.cis-india.org/internet-governance/blog/indian-express-rajat-kathuria-isha-suri-big-tech-consumers-privacy-policy</a>
</p>
No publisherRajat Kathuria and Isha SuriInternet GovernancePrivacy2023-01-18T23:25:28ZBlog EntryUN Questionnaire on Digital Innovation, Technologies and Right to Health
http://editors.cis-india.org/internet-governance/un-questionnaire-digital-innovation-technologies-right-to-health
<b>The Centre for Internet & Society (CIS) contributed to the questionnaire put out by the Office of the United Nations High Commissioner for Human Rights, on digital innovation, technologies and the right to health. The responses were authored by Pahlavi and Shweta Mohandas, and edited by Indumathi Manohar. </b>
<h3 style="text-align: center; "><img src="http://editors.cis-india.org/home-images/United.png" alt="United" class="image-inline" title="United" /></h3>
<h3 style="text-align: center; "><span style="text-decoration: underline;"><span><b>Questionnaire</b></span></span></h3>
<p style="text-align: justify; "><br /><b>1. What are benefits of increased use of digital technologies in the planning and delivery of health information, services and care? Consider the use of digital technologies for healthcare services, the collection and use of health-related data, the rise of social media and mobile phones, and the use of artificial intelligence specifically to plan and deliver healthcare. Please share examples of how such technologies benefited specific groups. How have digital technologies contributed to availability, accessibility, acceptability and quality of healthcare? Has the use of artificial intelligence improved access to health information, services and care? Please comment on existing or emerging biases in health information, services and care.</b></p>
<p style="text-align: justify; ">The use of digital technologies and forms of digital health interventions has seen an increase in interest from governments, industries, as well as individuals since the beginning of the pandemic. The lockdowns, and other social distancing measures created a push towards telemedicine and online consultations. Digital health services provide a number of people the opportunity to seek medical help without traveling, which particularly help people with accessibility needs, the elderly, and anyone else that has difficulty in movement.1 Telemedicine can also help meet the challenges of healthcare delivery to rural and remote areas, in addition to serving as a means of training and education.2</p>
<p style="text-align: justify; ">The pandemic brought about a push towards telehealth and telemedicine and the telemedicine market has been reported to touch $5.4 Bn by 2025,3 with a number of applications working to make it more accessible to people in India. With respect to AI there has been some adoption of AI in India to help the most vulnerable group of people. For example: Microsoft has teamed up with the Government of Telangana to use cloud-based analytics for the Rashtriya Bal Swasthya Karyakram program by adopting MINE (Microsoft Intelligent Network for Eyecare), an AI platform to reduce avoidable blindness in children.4 Similarly Philips Innovation Campus (PIC) in Bengaluru, Karnataka is harnessing technology to make solutions for TB detection from chest x-rays, and a software solution (Mobile Obstetrics Monitoring) to identify and manage high-risk pregnancies.5 More recently IWill by ePsyClinic, a mental-health platform in India, has received a grant from Microsoft's 'AI for Accessibility' program to accelerate the building of a Hindi-based AI Mental Health conversational program.6</p>
<p style="text-align: justify; ">However the use of digital technologies and online medical interventions has also widened the increasing gap between those who can afford a smart phone and internet and those who cannot. A digital-only health intervention also results in excluding a wide number of people who do not have a smartphone, for example the Indian contact-tracing app, Aarogya Setu, which was a mandatory download to access public places during the lockdown was initially only available via a smartphone. Additionally, the app initially was not compatible with screen readers.7 The disparities in digital access and infrastructure is not limited to individuals— a report by the Ministry of Electronics and Information Technology India highlighted that the government hospitals and dispensaries have very little ICT infrastructure with only some major public hospitals having computers and connectivity.8</p>
<p style="text-align: justify; ">As stated above, the adoption of digital health technologies is not uniform around the world, and the people who are not able to access these technologies missed being included in the data that is being collected by these systems, further excluding from the data set which might be used to train future interventions. In the same light, digital technologies such as AI based screening are based on historical data that have been proved to contain biases against</p>
<p style="text-align: justify; ">marginalised communities. Continuing to use these systems without addressing these biases and or including more diverse dataset results in the same people being marginalised and misdiagnosed further. For example, safety apps where data is provided by limited people could identify Dalit and Muslim areas as unsafe, reflecting the prejudices of the app’s middleand upper-class users.9 While this has not been revealed in healthcare apps, the growing use of CCTVs and subsequent use of facial recognition in only certain pockets of the city reveal the historical biases in the police system that lead to targeted surveillance.10</p>
<p style="text-align: justify; "><b>2. How has the rise of web platforms and social media increased access to health information and services, or conversely, increased risk of misdiagnosis or other harms? Please share examples of ways in which social media and web platforms facilitated innovation in access to evidence-based health information and services, or created new threats of discrimination, mental health harms, or online or offline violence.</b></p>
<p style="text-align: justify; ">Social media platforms have helped people immensely during the pandemic. For example, when people reached out to strangers for help for hospital beds and oxygen. However, the benefits of such were limited to people who were on social media and had the reach and networks to share such information.11Furthermore, social media and messaging apps such as Whatsapp also led to the spread of misinformation during the pandemic. For example a Whatsapp message claiming to be from the Ministry of Aayush which permitted homeopathy doctors to treat Covid19 spread significantly, leading to the official government channels clarifying that it is fake and cautioning people against it.12 It was also noted that at times when women shared requests for beds or oxygen during covid on social media, they were faced with fake calls, stalking and trolling on social media, making it harder for them to seek help.</p>
<p style="text-align: justify; "><b>3. How has the right to privacy been impacted by the use of digital technologies for health? Please share examples of ways in which data gathered from digital technologies have been used by States, commercial entities or other third parties to either benefit or harm groups regarding the right to health.</b></p>
<p style="text-align: justify; ">In 2006, the National e-Governance Plan (NeGP) was approved by the Indian State wherein a massive infrastructure was developed to reach the remotest corners and facilitate easy access of government services efficiently at affordable costs.13There has been a paradigm shift in the Indian state’s governance strategy, with severe implications for privacy and inclusion. However, this shift has been undertaken primarily through a series of administrative orders with no real legislative mandate and minimal judicial oversight. This digitisation began with services such as taxation, land record, passport details, but it soon extended its ambit, and it now covers most services for which the citizen is dependent upon the state— the latest being digital health.</p>
<p style="text-align: justify; ">In the Indian context, there have been a number of policies that have been published which dealt with digital health. The policies looked at creating a digital health ID, digitisation of health data, and the management of health data. However these policies are being introduced without the existence of a comprehensive data protection legislation. While there are certain safeguards mentioned in each policy, without privacy and data protection legislation it is impossible to ensure compliance and the rights of the data owners. This issue became a reality when during the vaccination for Covid, some vaccination centres created Health ID for people without their consent.14</p>
<p style="text-align: justify; "><b>4. What are current strengths or weaknesses of digital health governance at national, regional and global levels? Please provide examples of laws, regulations or other safeguards that has been put in place to protect and fulfill the rights to health, privacy, and confidentiality within the use of digital technologies for health? Do restrictive laws or law enforcement create any specific challenges for persons using digital technologies to access health information or services?</b></p>
<p style="text-align: justify; ">Digitisation of the healthcare system in India had started prior to the pandemic. However, the pandemic also saw a slew of digitisation policies being rolled out, the most notable being the National Digital Health Mission (re-designed as the Aayushman Bharat Digital Mission) which empowered and saw the government use the vaccination process to generate Health IDs for citizens, in several reported cases without their knowledge or consent.15 The entire digitisation process has been undertaken in the absence of any legislative mandate or judicial oversight. It has primarily been undertaken through issuance of executive notifications and resulting in absent or inadequate grievance redressal mechanisms.</p>
<p style="text-align: justify; ">The rollout of the NDHM also saw health IDs being generated for citizens. In several reported cases across states, this rollout happened during the Covid-19 vaccination process— without the informed consent of the concerned person. All of these developments took place in the absence of a data protection law and a law regulating the digital health sphere, raising critical concerns around citizens’ privacy and the governance and oversight mechanisms for digital health initiatives.</p>
<hr />
<ol>
<li style="text-align: justify; "> Valdez, R. S., Rogers, C. C., Claypool, H., Trieshmann, L., Frye, O., Wellbeloved-Stone, C., & Kushalnagar, P. (2021). Ensuring full participation of people with disabilities in an era of telehealth. Journal of the American Medical Informatics Association, 28(2), 389-392.</li>
<li style="text-align: justify; ">Paul, Hickok, Sinha, & Tiwari. (2018). Artificial Intelligence in the Healthcare Industry in India. Centre for Internet and Society India. Retrieved November 15, 2022, from https://cis-india.org/internet-governance/ai-and-healthcare-report/view</li>
<li style="text-align: justify; ">Dayalani, V., K., H., S., G., R., T., & M., L. (2021, February 15). 1mg Rises In Indian Telemedicine Space As Sector Set To Touch $5.4 Bn Market Size by 2025. Inc42 Media. Retrieved November 15, 2022, from https://inc42.com/datalab/telemedicine-a-post-covid-reality-in-india/</li>
<li style="text-align: justify; ">Government of Telangana adopts Microsoft Cloud and becomes the first state to use Artificial Intelligence for eye care screening for children - Microsoft Stories India. (2017, August 3). Microsoft Stories India. Retrieved November 15, 2022, from https://news.microsoft.com/en-in/governmenttelangana-adopts-microsoft-cloud-becomes-first-state-use-articial-intelligence-eye-care-screeningchildren/</li>
<li style="text-align: justify; ">D’Monte, L. (2017, February 15). <i>How Philips is using AI to transform healthcare</i>. Mint. Retrieved November 15, 2022, from https://www.livemint.com/Science/yxgekz1jJJ3smvvRLwmaAL/How-Philips-is-using-AI-to-transformhealthcare.html</li>
<li style="text-align: justify; ">PTI. (2022, November 11). Microsoft supports IWill with “AI for Accessibility” grant to develop AI CBT mental health program for 615 million Hindi users. Microsoft Supports IWill With “AI for Accessibility”Grant to Develop AI CBT Mental Health Program for 615 Million Hindi Users. Retrieved November 15,2022, from https://www.ptinews.com/pti/Microsoft-supports-IWill-with--AI-for-Accessibility--grant-todevelop-AI-CBT-mental-health-program-for-615-million-Hindi-users/58238.html</li>
<li style="text-align: justify; ">Nath. (2020, May 2). <i>Coronavirus | Mandatory Aarogya Setu app not accessible to persons with disabilities</i>.Coronavirus | Mandatory Aarogya Setu App Not Accessible to Persons With Disabilities - the Hindu. Retrieved November 15, 2022, from https://www.thehindu.com/news/national/coronavirus-mandatory-aarogya-setu-app-notaccessible-to-persons-with-disabilities/article31489933.ece</li>
<li style="text-align: justify; ">Sharma, N. C. (2018, July 16). <i>Adoption of e-medical records facing infra hurdles: Report</i>. Mint. Retrieved November 15, 2022, from https://www.livemint.com/Politics/CucBmKaoWLZuSf1Y9VaafM/Adoption-of-emedical-recordsfacing-infra-hurdles-Report.html</li>
<li style="text-align: justify; ">https://www.livemint.com/news/world/ai-algorithms-far-from-neutral-in-india-11613617957200.html</li>
<li style="text-align: justify; ">Vipra. (n.d.). <i>The Use of Facial Recognition Technology for Policing in Delhi</i>. Vidhi Centre for Legal Policy. Retrieved November 15, 2022, from https://vidhilegalpolicy.in/research/the-use-of-facial-recognition-technology-for-policingin-delhi/</li>
<li style="text-align: justify; ">Kalra, A., & Ghoshal, D. (2021, April 21). Twitter becomes a platform of hope amid the despair of India’s COVID crisis. Reuters. Retrieved November 15, 2022, from https://www.reuters.com/world/india/twitterbecomes- platform-hope-amid-despair-indias-covid-crisis-2021-04-21/</li>
<li style="text-align: justify; ">Times of India . (2020, April 29). WhatsApp message on Homeopathy and coronavirus treatment is fake- Times of India. The Times of India. Retrieved November 15, 2022, from https://timesondia.indiatimes.com/gadgets-news/whatsapp-message-on-homeopathy-and-coronavirustreatment-is-fake/articleshow/75425274.cms</li>
<li style="text-align: justify; ">Amber Sinha, Pallavi Bedi and Amber Sinha, “Techno-Solutinist Responses to Covid 19”, EPW, Vol LVI, No. 29, July 17, 2021 Retrieved from: https://www.epw.in/journal/2021/29/commentary/technosolutionist-responses-covid-19.html</li>
<li style="text-align: justify; ">Rana, C. (2021, October 1). <i>COVID-19 vaccine beneficiaries were assigned unique health IDs without their consent</i>.The Caravan. Retrieved November 15, 2022, from https://caravanmagazine.in/health/covid-19-vaccinebeneficiaries-were-assigned-unique-health-ids-without-their-consent</li>
</ol>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/un-questionnaire-digital-innovation-technologies-right-to-health'>http://editors.cis-india.org/internet-governance/un-questionnaire-digital-innovation-technologies-right-to-health</a>
</p>
No publisherPahlavi and Shweta MohandasDigital MediaDigital TechnologiesInternet GovernanceDigital Governance2022-11-21T16:10:06ZBlog EntryThe PDP Bill 2019 Through the Lens of Privacy by Design
http://editors.cis-india.org/internet-governance/blog/the-pdp-bill-2019-through-the-lens-of-privacy-by-design
<b>This paper evaluates the PDP Bill based on the Privacy by Design approach. It examines the implications of Bill in terms of the data ecosystem it may lead to, and the visual interface design in digital platforms. This paper focuses on the notice and consent communication suggested by the Bill, and the role and accountability of design in its interpretation. </b>
<h2>Background</h2>
<div> </div>
<p>The Personal Data Protection (PDP) Bill, 2019 was introduced in the Lok Sabha on December 11, 2019 by the Minister of Electronics and Information Technology. The Bill aims to provide for protection of personal data of individuals, and establishes a Data Protection Authority for the same <a class="external-link" href="https://www.prsindia.org/billtrack/personal-data-protection-bill-2019">[1]</a>. The PDP Bill, 2019 contains several clauses that have implications on the visual design of digital products. These include the specific requirements for communication of notice and consent at various stages of the product. The Bill also introduces the Privacy by Design policy. Privacy by Design (PbD), as a concept, was proposed by Ann Cavoukian in the 1990s, with the purpose of approaching privacy from a design-thinking perspective <a class="external-link" href="https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf">[2]</a>. She describes this perspective to be holistic, interdisciplinary, integrative, and innovative. The approach suggests that privacy must be incorporated into networked data systems and technologies, by default <a class="external-link" href="https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf">[3]</a>. It challenges the practice of enhancing privacy as an afterthought. It expects privacy to be a default setting, and a proactive (not reactive) measure that would be embedded into a design in its initial stage and throughout the life cycle of the product <a class="external-link" href="https://www.smashingmagazine.com/2019/04/privacy-ux-aware-design-framework/">[4]</a>. While PbD is a conceptual framework, it’s application can change the way digital platforms are created and the way in which people interact with them. From devising a business model, to making technological decisions, PbD principles can make privacy integral to the processes and standards of a digital platform.</p>
<p><br />The PDP Bill states that data fiduciaries are required to prepare a Privacy by Design policy and have it certified by the Data Protection Authority. According to the Bill, the policy would contain the managerial, organisational, business practices and technical systems designed to anticipate, identify and avoid harm to the data principal <a class="external-link" href="http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf">[5]</a>. It would mention if the technology used in the processing of personal data is in accordance with the certified standards. It would also comprise of the ways in which privacy is being protected throughout the stages of processing of personal data, and that the interest of the individual is accounted for in each of these stages. Once certified by the Data Protection Authority, the data fiduciaries are also required to publish this policy on their website <a class="external-link" href="https://sflc.in/key-changes-personal-data-protection-bill-2019-srikrishna-committee-draft">[6]</a>. This forces the data fiduciaries to envision privacy as a fundamental requirement and not an afterthought. Such a policy would have a huge impact in the way digital platforms are conceptualised, both from the technological and the design point of view. The adoption of this policy by digital platforms would enable people to know if their privacy is protected by the companies, and what are the various steps being taken for this purpose. Besides the explicit Privacy by Design policy, the PDP Bill, 2019, also recommends the regulations for data minimisation, establishment of the Data Protection Authority (DPA), and the development of a consent framework. These steps are also part of the Privacy by Design approach.</p>
<p><br />This paper evaluates the PDP Bill based on the Privacy by Design approach. The Bill’s scope includes both the conceptual and technological aspects of a digital platform, as well as the interface aspect that the individual using the platform faces. The paper will hence analyse how PbD approach is reflected in both these aspects. At the conceptual level, it will look at the data ecosystem that the Bill unwittingly creates, and at the interface level, it will critically analyse the Bill’s implication on the notice and consent communication in the digital products. This includes the several points of communication or touchpoints between a company and an individual using their service, as dictated by the Bill, and how they would translate into visual design. Visual design forms an integral part of digital platforms. It is the way in which the platforms interact with the individuals. The choices made by individuals are largely driven by the visual structuring and presentation of information on these platforms. Presently, the interface design in several platforms is being used to perpetuate unethical data practices in the form of dark patterns. Dark Patterns are deceptive user interface interactions, designed to mislead or trick users to make them do something they don’t want to do<a class="external-link" href="https://uxdesign.cc/dark-patterns-in-ux-design-7009a83b233c"> [7]</a>. The design of the notice and consent touchpoints can significantly influence the enforcement of this Bill, and how it benefits individuals. Moreover, digital platforms may technically follow the regulations but can still be manipulative through their interface design. Thus, the role and accountability of design becomes crucial in the interpretation of the data protection regulations.</p>
<p> </p>
<p>The full paper can be read <a href="http://editors.cis-india.org/internet-governance/the-pdp-bill-2019-through-the-lens-of-privacy-by-design/at_download/file" class="external-link">here</a>.</p>
<p>[1] <a class="external-link" href="https://www.prsindia.org/billtrack/personal-data-protection-bill-2019">https://prsindia.org/billtrack/personal-data-protection-bill-2019</a> </p>
<p>[2] <a class="external-link" href="https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf">https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf</a></p>
<p>[3] <a class="external-link" href="https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf">https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf</a></p>
<p>[4] <a class="external-link" href="https://www.smashingmagazine.com/2019/04/privacy-ux-aware-design-framework/">https://www.smashingmagazine.com/2019/04/privacy-ux-aware-design-framework/</a></p>
<p>[5] <a class="external-link" href="http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf">http://164.100.47.4/BillsTexts/LSBillTexts/Asintroduced/373_2019_LS_Eng.pdf</a></p>
<p>[6] <a class="external-link" href="https://sflc.in/key-changes-personal-data-protection-bill-2019-srikrishna-committee-draft">https://sflc.in/key-changes-personal-data-protection-bill-2019-srikrishna-committee-draft</a></p>
<p>[7] <a class="external-link" href="https://uxdesign.cc/dark-patterns-in-ux-design-7009a83b233c">https://uxdesign.cc/dark-patterns-in-ux-design-7009a83b233c</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-pdp-bill-2019-through-the-lens-of-privacy-by-design'>http://editors.cis-india.org/internet-governance/blog/the-pdp-bill-2019-through-the-lens-of-privacy-by-design</a>
</p>
No publisherSaumyaa Naidu, Akash Sheshadri, Shweta Mohandas, and Pranav M Bidare; Edited by Arindrajit Basu, Shweta Reddy; With inputs from Amber SinhaDesignInternet GovernanceData ProtectionPrivacy2020-11-13T07:51:03ZBlog EntryThe Wolf in Sheep's Clothing: Demanding your Data
http://editors.cis-india.org/internet-governance/blog/the-wolf-in-sheeps-clothing-demanding-your-data
<b>The increasing digitalization of the economy and ubiquity of the Internet, coupled with developments in Artificial Intelligence (AI) and Machine Learning (ML) has given rise to transformational business models across several sectors.</b>
<p> </p>
<p>This piece was originally published in <a class="external-link" href="https://telecom.economictimes.indiatimes.com/tele-talk/the-wolf-in-sheep-s-clothing-demanding-your-data/4497">The Economic Times Telecom</a>, on 8 September, 2020.<span class="css-901oao css-16my406 r-1qd0xha r-ad9z0x r-bcqeeo r-qvutc0"></span></p>
<p>The increasing digitalization of the economy and ubiquity of the <a href="https://telecom.economictimes.indiatimes.com/tag/internet">Internet</a>, coupled with developments in <a href="https://telecom.economictimes.indiatimes.com/tag/artificial+intelligence">Artificial Intelligence</a>
(AI) and Machine Learning (ML) has given rise to transformational
business models across several sectors. These developments have changed
the very structure of existing sectors, with a few dominant firms
straddling across many sectors. The position of these firms is
entrenched due to the large amounts of data they have, and usage of
sophisticated algorithms that deliver very targeted service/content and
their global nature.<br /><br /></p>
<p>Such data based network businesses
are generally multi-sided platforms subject to network effects and
winner takes all phenomena, often, making traditional competition
regulation inappropriate. In addition, there has been concern that such
companies hurt competition as they are owners of large amounts of data
collected globally, the very basis on which new services are predicated.
Also since users have an inertia to share their data on multiple
platforms, new companies find it very challenging to emerge. Several of
the large companies are of US origin. Several regions/countries such as
EU, UK, India are concerned that while these companies benefit from the
data of their citizens or their <a href="https://telecom.economictimes.indiatimes.com/tag/devices">devices</a>,
SMEs and other companies in their own countries find it increasingly
difficult to remain viable or achieve scale. With the objective of
supporting enterprises, including SMEs in their own countries, Europe,
UK India are in different stages of data regulation initiatives.<br /><br /></p>
<p>In India, the <a href="https://telecom.economictimes.indiatimes.com/tag/personal+data+protection">Personal Data Protection</a>
(PDP) Bill, 2019 deals with the framework for collecting, managing and
transferring of Personal Data of Indian citizens, including mandating
sharing of anonymized data of individuals and non-personal data for
better targeting of services or policy making. In addition, the Report
by the Committee of Experts (CoE) on Non Personal Data (NPD) came up
with a Framework for Regulating NPD. Since the NPD Report is a more
recent phenomenon, this articles analyzes some aspects of it.<br /><br /></p>
<p>According
to CoE, non-personal data could be of two types. First, data or
information which was never about an individual (e.g. weather data).
Second, data or information that once was related to an individual (e.g.
mobile number) but has now ceased to be identifiable due to the removal
of certain identifiers through the process of ‘anonymisation’. However,
it may be possible to recover the personal data from such anonymized
data and therefore, the distinction between personal and non-personal is
not clean. In any case, the PDP bill 2019 deals with personal data. If
the CoE felt that some aspect of personal data (including anonymized
data) were not adequately dealt with, it should work to strengthen it.
The current approach of the CoE is bound to create confusion and
overlapping jurisdiction. Since anonymized data is required to be
shared, there are disincentives to anonymization, causing greater risk
to individual privacy.<br /><br /></p>
<p>A new class of business based on a “<em>horizontal classification cutting across different industry sectors</em>” is defined. This refers to any business that derives “<em>new or additional economic value from data, by collecting, storing, processing, and managing data</em>”
based on a certain threshold of data collected/processed that will be
defined by the regulatory authority that is outlined in the report. The
CoE also recommends that “<em>Data Businesses will provide, within India, open access to meta-data and regulated access to the underlying data</em>” without any remuneration. Further, “<em>By
looking at the meta-data, potential users may identify opportunities
for combining data from multiple Data Businesses and/or governments to
develop innovative solutions, products and services. Subsequently, data
requests may be made for the detailed underlying data</em>”.<br /><br /></p>
<p>With
increasing digitalization, today almost every business is a data
business. The problem in such categorization will be with the definition
of thresholds. It is likely that even a small video sharing app or an
AR/VR app would store/collect/process/transmit more data than say a
mid-sized bank in terms of data volumes. Further, with increasing
embedding of <a href="https://telecom.economictimes.indiatimes.com/tag/iot">IoT</a>
in various aspects of our lives and businesses (smart manufacturing,
logistics, banking etc), the amount of data that is captured by even
small entities can be huge.<br /><br /></p>
<p>The private sector, driven by
profitability, identifies innovative business models, risks capital and
finds unique ways of capturing and melding different data sets. In
order to sustain economic growth, such innovation is necessary. The
private sector would also like legal protection over these aspects of
its businesses, including the unique IPR that may be embedded in the
processing of data or its business processes. But mandating such onerous
requirements on sharing by the CoE is going to kill any private
initiative. Any regulatory regime must balance between the need to
provide a secure environment for protecting data of incumbents and
making it available to SMEs/businesses.<br /><br /></p>
<p>Meta data
provides insights to the company’s databases and processes. These are
source of competitive advantage for any company. Meta data is not
without a context. The basis of demanding such disclosure is mandated
with the proposed NPD Regulator who would evaluate such a purpose. In
practice, purposes are open to interpretation and the structure of
appeal mechanism etc is going to stall any such sharing. Would such
mandates of sharing not interfere with the existing Intellectual
Property Rights? Or the freedom to contract? Any innovation could easily
be made available to a competitor that front-ends itself with a
start-up. To mandate making such data available would not be fair.
Further, how would the NPD regulator even ensure that such data is used
for the purpose (which the proposed regulator is supposed to evaluate)
that it is sought for? In Europe, where such <a href="https://telecom.economictimes.indiatimes.com/tag/data+sharing">data sharing</a>
mandates are being considered, the focus is on public data. For private
entities, the sharing is largely based on voluntary contributions.
Compulsory sharing is mandated only under restricted situations where
market failure situations are not addressed through Competition Act and
provided legitimate interest of the data holder and existing legal
provisions are taken into account.<br /><br /></p>
<p>Further, the
compliance requirements for such Data Businesses is very onerous and
makes a mockery of “minimum government” framework of the government. The
CoE recommends that all Data Businesses, whether government NGO, or
private “<em>to disclose data elements collected, stored and processed, and data-based services offered</em>”. As if this was not enough, the CoE further recommends that “<em>Every
Data Business must declare what they do and what data they collect,
process and use, in which manner, and for what purposes (like disclosure
of data elements collected, where data is stored, standards adopted to
store and secure data, nature of data processing and data services
provided). This is similar to disclosures required by pharma industry
and in food products</em>”. Such disclosures are necessary in these
industries as the companies in this sector deal with critical aspects of
human life. But are such requirements necessary for all activities and
businesses? As long as organizations collect and process data, in a
legal manner, within the sectoral regulation, why should such
information have to be “reported”? Further, such bureaucratic processes
and reporting requirements are only going to be a burden to existing
legitimate businesses and give rise to a thriving regulatory license
raj.<br /><br /></p>
<p>Further questions that arise are: How is any
compliance agency going to make sure that all the underlying metadata is
made available in a timely manner? As companies respond to a dynamic
environment, their analysis and analytical tools change and so does the
metadata. This inherent aspect of businesses raises the question: At
what point in time should companies make their meta-data available? How
will the compliance be monitored?<br /><br /></p>
<p>Conclusion: The CoE
needs to create an enabling and facilitating an environment for data
sharing. The incentives for different types of entities to participate
and contribute must be recognized. Adequate provisions for risks and
liabilities arising out data sharing need to be thought through.
National initiatives on data sharing should not create an onerous
reporting regime, as envisaged by the CoE, even if digital.<br /><br /></p>
<p class="article-disclaimer"><em>DISCLAIMER:
The views expressed are solely of the author and ETTelecom.com does not
necessarily subscribe to it. ETTelecom.com shall not be responsible for
any damage caused to any person/organisation directly or indirectly.</em></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-wolf-in-sheeps-clothing-demanding-your-data'>http://editors.cis-india.org/internet-governance/blog/the-wolf-in-sheeps-clothing-demanding-your-data</a>
</p>
No publisherRekha JainInternet GovernanceData ProtectionArtificial Intelligence2020-11-10T17:44:13ZBlog EntryReclaiming AI Futures: Call for Contributions and Provocations
http://editors.cis-india.org/internet-governance/blog/reclaiming-ai-futures-call-for-contributions-and-provocations
<b>CIS is pleased to share this call for contributions by Mozilla Fellow Divij Joshi. CIS will be working with Divij to edit, collate, and finalise this publication. This publication will add to Divij’s work as part of the AI observatory. The work is entirely funded by Divij Joshi.</b>
<div> </div>
<div> </div>
<p id="docs-internal-guid-3165c9a9-7fff-9881-71cc-4b816e9c6877" dir="ltr"> </p>
<p> </p>
<p dir="ltr">Please visit this <a class="external-link" href="https://medium.com/@divij.joshi/reclaiming-ai-futures-call-for-contributions-and-provocations-ef6d75ce2a31">link</a> for the full call, and details on how to apply.</p>
<p> </p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/reclaiming-ai-futures-call-for-contributions-and-provocations'>http://editors.cis-india.org/internet-governance/blog/reclaiming-ai-futures-call-for-contributions-and-provocations</a>
</p>
No publisherDivij JoshiFeaturedInternet Governance2020-11-18T09:04:25ZBlog EntryComments to National Digital Health Mission: Health Data Management Policy
http://editors.cis-india.org/internet-governance/blog/comments-to-national-digital-health-mission-health-data-management-policy
<b>CIS has submitted comments to the National Health Data Management Policy. We welcome the opportunity provided to our comments on the Policy and we hope that the final Policy will consider the interests of all the stakeholders to ensure that it protects the privacy of the individual while encouraging a digital health ecosystem.
</b>
<p> </p>
<p>Read the full set of comments <a href="http://editors.cis-india.org/internet-governance/comments-to-national-digital-health-mission-health-data-management-policy-pdf" class="internal-link" title="Comments to National Digital Health Mission: Health Data Management Policy pdf">here</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/comments-to-national-digital-health-mission-health-data-management-policy'>http://editors.cis-india.org/internet-governance/blog/comments-to-national-digital-health-mission-health-data-management-policy</a>
</p>
No publisherShweta Mohandas, Pallavi Bedi, Shweta Reddy, and Saumyaa NaiduData Governanceinternet governanceInternet GovernanceHealthcare2020-10-05T15:56:51ZBlog EntryMapping Web Censorship & Net Neutrality Violations
http://editors.cis-india.org/internet-governance/blog/mapping-web-censorship-net-neutrality-violations
<b></b>
<p> </p>
<p>For over a year, researchers at the Centre
for Internet and Society have been studying website blocking by internet
service providers (ISPs) in India. We have learned that major ISPs
don’t always block the same websites, and also use different blocking
techniques. <strong>To take this study further, and map net neutrality violations by ISPs, we need your help.</strong>
We have developed CensorWatch, a research tool to collect empirical
evidence about what websites are blocked by Indian ISPs, and which
blocking methods are being used to do so. Read more about this project (<a href="https://4jok2.r.ag.d.sendibm3.com/mk/cl/f/qxKoDnnG4cR8mPZaiOr8immlHKFilRoRSYOvX_26BcZRtiN_hoo5VrFfQHbDqaES1OV6jUM0RbWCZs1ODSHr_Pf9yeJFesRxxQvyUrZm4Tlcvdjmh232QQV3fOkmrj9wiVh5LQiW1LQAprvYWmHp_s-TW5ZdNXZY07QvlFR01dKzIxnv7TorEfkyazo" target="_blank">link</a>), <strong>download CensorWatch</strong> (<a href="https://4jok2.r.ag.d.sendibm3.com/mk/cl/f/F9Wsq5zbx6VJKZxrsjYFy3Q5-jSkk0-3nr5hBfuyQiDUEKyEm_fLY6kh4W9MB7GOLoPZbowqsXDT17DEmFgMoFY4IIOEjxq0rNCtFeEc7b-0GSnRPeLDi9VmYX5WE1vGlwMvM7BPtyfmXD6lNdIWzAdjq_MpSqWRACk3JJNPhzqieJXoEoOnY8WH1rxR4HnJwDjyJHSkHgMTmWcm0POB_kDOtt2fk_GnXkkjv5LK7MxRZe8f" target="_blank">link</a>), and help determine if ISPs are complying with India’s net neutrality regulations.</p>
<div>
<p> </p>
<p><a class="external-link" href="https://play.google.com/store/apps/details?id=com.censorwatch.netprobesapp"><img src="https://cis-india.org/internet-governance/censorwatch/" alt="null" width="75%" /></a></p>
<p> </p>
<div>
<div>
<div>Learn more about website blocking in India, through our recent work on the issue —</div>
<ol><li>Using information from court orders,
user reports, and government orders, and running network tests from six
ISPs, Kushagra Singh, Gurshabad Grover and Varun Bansal presented the <strong>largest study of web blocking</strong>
in India. Through their work, they demonstrated that major ISPs in
India use different techniques to block websites, and that they don’t
block the same websites (<a href="https://4jok2.r.ag.d.sendibm3.com/mk/cl/f/mgmW9wuVo0QjRGqm9DnDQiVT4lYy3lgY5maOgjAk05baH_NWtRSfznWooMtcTgQ2a059mWk91p_lMZqJAqaRHXZOLSEQQOAMeM5RowiyfY3giKQm3aDJoYnWw7VhAHeBjdkObBFF0PYWjoC1NJi21fSZyifOWm_CvlC3gq7nxbHtejEy" target="_blank">link</a>).</li><li>Gurshabad Grover and Kushagra Singh
collaborated with Simone Basso of the Open Observatory of Network
Interference (OONI) to study <strong>HTTPS traffic blocking in India</strong> by running experiments on the networks of three popular Indian ISPs: ACT Fibernet, Bharti Airtel, and Reliance Jio (<a href="https://4jok2.r.ag.d.sendibm3.com/mk/cl/f/oP_eOysGeBOsgRW-5k8V-ReWU_DMUhykR2wN9ZAqndgHev3bxY1c8kSSviR3jjOMqzOJhP05AfK2CtHAH8-Zv21mU7uAW2ainkl5tmS-uZx3LG15MjZXbRQyE71871AouDuXY0hLTVEVG3ovaEvb8BSFOhJz7NpnTZdsY5vIOeBqSsaB31HJdMT8bNELQJ8VjhUoNw" target="_blank">link</a>).</li><li>For <em>The Leaflet</em>, Torsha Sarkar and Gurshabad Grover wrote about the <strong>legal framework of blocking in India</strong>
— Section 69A of the IT Act and its rules. They considered commentator
opinions questioning the constitutionality of the regime, whether
originators of content are entitled to a hearing, and whether Rule 16,
which mandates confidentiality of content takedown requests received by
intermediaries from the Government, continues to be operative (<a href="https://4jok2.r.ag.d.sendibm3.com/mk/cl/f/WggQUDysA9mWPEzvGTRc43aPpKNmNjDcdEzj1ALhrbXgQWqnZRY9L9J45XXbJ3yCnX9-XIuYyRTQ588cBiYNQIs2KsfB0Dydz2QY4Z5VdMTdJ-RMr2M5uDqJ8Amr5gT3APy01bg8gNTyoEvdIcKryjrWnUFlTdxFAtohQ_AwVRjTbzC5FcAFhO9DdHOQV0Xp9X65At3tR17epGvo" target="_blank">link</a>).</li><li>In the <em>Hindustan Times</em>, Gurshabad Grover critically analysed <strong>the confidentiality requirement embedded within Section 69A of the IT Act</strong> and argued how this leads to internet users in India experiencing arbitrary censorship (<a href="https://4jok2.r.ag.d.sendibm3.com/mk/cl/f/j75HVdd7j4huKQd0kP9lusNpz1ZL0CxXMEWeySOhsQZbcKECrEKfaq52LlB-QjnT1TIB1mjqhB0TyweA7rLCq41Rd_6uyBUo8-Uc4iHiHSXYxC06rhW7o7ZFtCt7bKdNldDWkoMhSD7x0daAhzcSdLSPbNBRSy1HkGEGZ7Z_11tovlleodez9gm60zyvkGNM1YMQSLZ4NZ0k8RD2zncGPoWXjsytI4YwnQyy_QZNSKOSdY2_X6GoVSugRZhmyWwWCpHpk-yDM7XJ0OF4GZlTUSgfhcfftJEGBlQlkQ" target="_blank">link</a>).</li><li>Torsha Sarkar, along with Sarvjeet Singh of the Centre for Communication Governance (CCG), spoke to <em>Medianama</em> delineating the <strong>procedural aspects of section 69A of the IT Act </strong>(<a href="https://4jok2.r.ag.d.sendibm3.com/mk/cl/f/QAWrguo8Vx6X1PsmbTvCTYQ6U6nycGdSRg9gfDYFTRxUAa82nB6gYpuPyEE3VztSJzG2888ua224upBlg-k9Tu29TZdhl3ET71WwsKUfKxdyUPkLiY1A4jSD1p59sH0KXlQBqU10H38gDFHZ5WVsMCwZXLTISv9SvXIRx7Vu59U4HBV-hhB3BSpe_SApQnHQgPN0BIl0g852jSINvTI6Bh5HGNTWZ3nQWRn5H1vShoG4Q3VcZBWfewbc" target="_blank">link</a>).</li><li>Arindrajit Basu spoke to the <em>Times of India</em> about the <strong>geopolitical and regulatory implications</strong> of the Indian government’s move to ban fifty-nine Chinese applications from India (<a href="https://4jok2.r.ag.d.sendibm3.com/mk/cl/f/lICwdbQnezwqQKZHQ_Xso6Qp7735jleiJJJI88DgKZx348ewlSRWU1uFyEbtMwZOoJRS5MjHbX9KgklFrlc-jKTXKL2S4K5aCXEU2isCuFhwORAz_DnnBai7nr2pyiK0HmM0Eb3AD_JyTUwWtg9O6c0jV0Nf8cbTuT3FD7WypVO_NWUJ_GZVo7er10LMUXE_1EP_d2nh2uziuXXmM1JV-9NN6klSATsLa_tprf0bDNbNa_U4DHMm6oQvXFfVHj74jRhq3nKDkCzQeQZ_SRMxNNqIUIN5aMLGbQfBAziZ_E3hIYp-ptOQ7Y2cqF_4eiYdY20tBm5ltySmFBQQi5_nFQ" target="_blank">link</a>).</li></ol>
</div>
</div>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/mapping-web-censorship-net-neutrality-violations'>http://editors.cis-india.org/internet-governance/blog/mapping-web-censorship-net-neutrality-violations</a>
</p>
No publisherpranavFreedom of Speech and ExpressionNet NeutralityInternet Governanceinternet governanceCensorship2020-10-05T07:59:47ZBlog EntryFundamental Right to Privacy — Three Years of the Puttaswamy Judgment
http://editors.cis-india.org/internet-governance/blog/fundamental-right-to-privacy-three-years-of-the-puttaswamy-judgment
<b></b>
<p id="docs-internal-guid-bf702073-7fff-fb00-21f6-28515e6faf55" dir="ltr"> </p>
<p dir="ltr">Today marks three years since the Supreme Court of India recognised the fundamental right to privacy, but the ideals laid down in the Puttaswamy Judgment are far from being completely realized. Through our research, we invite you to better understand the judgment and its implications, and take stock of recent issues pertaining to privacy. </p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Amber Sinha dissects the Puttaswamy Judgment through an analysis of the sources, scope and structure of the right, and its possible limitations. [<a href="https://cis-india.org/internet-governance/blog/the-fundamental-right-to-privacy-an-analysis">link</a>]</p>
</li></ol>
<ol start="2"><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Through a visual guide to the fundamental right to privacy, Amber Sinha and Pooja Saxena trace how courts in India have viewed the right to privacy since Independence, explain how key legal questions were resolved in the Puttaswamy Judgement, and provide an account of the four dimensions of privacy — space, body, information and choice — recognized by the Supreme Court. [<a href="https://cis-india.org/internet-governance/files/amber-sinha-and-pooja-saxena-the-fundamental-right-to-privacy-a-visual-guide/view">link</a>]</p>
</li></ol>
<ol start="3"><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Based on publicly available submissions, press statements, and other media reports, Arindrajit Basu and Amber Sinha track the political evolution of the data protection ecosystem in India, on EPW Engage. They discuss how this has, and will continue to impact legislative and policy developments. [<a href="https://www.epw.in/engage/article/politics-indias-data-protection-ecosystem">link</a>] </p>
</li></ol>
<ol start="4"><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">For the AI Policy Exchange, Arindrajit Basu and Siddharth Sonkar examine the Automated Facial Recognition Systems (AFRS), and define the key legal and policy questions related to privacy concerns around the adoption of AFRS by governments around the world. [<a href="https://aipolicyexchange.org/2019/12/26/decrypting-automated-facial-recognition-systems-afrs-and-delineating-related-privacy-concerns/">link</a>]</p>
</li></ol>
<ol start="5"><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Over the past decade, reproductive health programmes in India have been digitising extensive data about pregnant women. In partnership with Privacy International, we studied the Mother and Child Tracking system (MCTS), and Ambika Tandon presents the impact on the privacy of mothers and children in the country. [<a href="https://cis-india.org/internet-governance/blog/privacy-international-ambika-tandon-october-17-2019-mother-and-child-tracking-system-understanding-data-trail-indian-healthcare">link</a>] </p>
</li></ol>
<ol start="6"><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">While the right to privacy can be used to protect oneself from state surveillance, Mira Swaminathan and Shubhika Saluja write about the equally crucial problem of lateral surveillance — surveillance that happens between individuals, and within neighbourhoods, and communities — with a focus on this issue during the COVID-19 crisis. [<a href="https://cis-india.org/internet-governance/blog/essay-watching-corona-or-neighbours-introducing-2018lateral-surveillance2019-during-covid201919">link</a>]</p>
</li></ol>
<ol start="7"><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Finally, take a dive into the archives of the Centre for Internet and Society to read our work, which was cited in the Puttaswamy judgment — essays by Ashna Ashesh, Vidushi Marda and Bhairav Acharya that displaced the notion that privacy is inherently a Western concept, by attempting to locate the constructs of privacy in Classical Hindu [<a href="https://cis-india.org/internet-governance/blog/loading-constructs-of-privacy-within-classical-hindu-law">link</a>], and Islamic Laws [<a href="https://cis-india.org/internet-governance/blog/identifying-aspects-of-privacy-in-islamic-law">link</a>]; and Acharya’s article in the Economic and Political Weekly, which highlighted the need for privacy jurisprudence to reflect theoretical clarity, and be sensitive to unique Indian contexts [<a href="https://cis-india.org/internet-governance/blog/economic-and-political-weekly-bhairav-acharya-may-30-2015-four-parts-of-privacy-in-india">link</a>]. </p>
</li></ol>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/fundamental-right-to-privacy-three-years-of-the-puttaswamy-judgment'>http://editors.cis-india.org/internet-governance/blog/fundamental-right-to-privacy-three-years-of-the-puttaswamy-judgment</a>
</p>
No publisherpranavinternet governanceInternet GovernancePrivacy2020-08-24T07:46:10ZBlog Entry